CVE-2023-43336
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
Se descubrió que Sangoma Technologies FreePBX anterior a cdr 15.0.18, 16.0.40, 15.0.16 y 16.0.17 contenía un problema de control de acceso a través de un valor de parámetro modificado, por ejemplo, cambiando extensión=self a extensión=101.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-18 CVE Reserved
- 2023-11-02 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://freepbx.com | Product | |
| http://sangoma.com | Product |
| URL | Date | SRC |
|---|---|---|
| https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sangoma Search vendor "Sangoma" | Freepbx Search vendor "Sangoma" for product "Freepbx" | < 15.0.16 Search vendor "Sangoma" for product "Freepbx" and version " < 15.0.16" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Search vendor "Sangoma" for product "Freepbx" | >= 16.0.2 < 16.0.17 Search vendor "Sangoma" for product "Freepbx" and version " >= 16.0.2 < 16.0.17" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Search vendor "Sangoma" for product "Freepbx" | < 15.0.18 Search vendor "Sangoma" for product "Freepbx" and version " < 15.0.18" | - |
Affected
| ||||||
| Sangoma Search vendor "Sangoma" | Freepbx Search vendor "Sangoma" for product "Freepbx" | >= 16.0.2 < 16.0.40 Search vendor "Sangoma" for product "Freepbx" and version " >= 16.0.2 < 16.0.40" | - |
Affected
| ||||||