Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2023-26567
HistoryApr 26, 2023 - 12:00 a.m.

CVE-2023-26567

2023-04-2600:00:00
mitre
www.cve.org
sangoma freepbx
cleartext authentication
asterisk database
manager interface
cve-2023-26567

8.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.

Related

prion 1
cve 1
nvd 1
prion
prion
Authentication flaw
2023-04-26 20:15:00
cve
cve
CVE-2023-26567
2023-04-26 20:15:09
nvd
nvd
CVE-2023-26567
2023-04-26 20:15:09

8.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON
Related for CVELIST:CVE-2023-26567
prion1cve1nvd1