CVE-2020-27613

2020-10-2114:08:23

mitre

www.cve.org

installation

bigbluebutton

freeswitch

local users

AI Score

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.

References

www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html