Lucene search

GoogleOSV:CVE-2023-43336

HistoryNov 02, 2023 - 12:15 p.m.

CVE-2023-43336

2023-11-0212:15:09

Google

osv.dev

sangoma technologies

freepbx

access control

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.8%

JSON

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.

CPENameOperatorVersion
coreeqrelease/15.0.9.89
coreeqrelease/13.0.192.19
coreeqrelease/13.0.10
coreeqrelease/13.0.35
coreeqrelease/14.0.28.40
coreeqrelease/12.0.1beta11
coreeqrelease/13.0.131.5
coreeqrelease/14.0.2.16
coreeqrelease/13.0.1beta3.18
coreeqrelease/13.0.1beta3.52

Name	Operator	Version
core	eq	release/15.0.9.89
core	eq	release/13.0.192.19
core	eq	release/13.0.10
core	eq	release/13.0.35
core	eq	release/14.0.28.40
core	eq	release/12.0.1beta11
core	eq	release/13.0.131.5
core	eq	release/14.0.2.16
core	eq	release/13.0.1beta3.18
core	eq	release/13.0.1beta3.52

Rows per page:

1-10 of 17331

References

freepbx.com

sangoma.com

medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.8%

JSON

Related for OSV:CVE-2023-43336