exploitDog

CVE-2019-19006

Опубликовано: 21 нояб. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

Ссылки

https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772
Vendor Advisory
https://pastebin.com/2CdsQMKW
Broken Link
https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass
Vendor Advisory
https://www.freepbx.org/category/blog/
Product
https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772
Vendor Advisory
https://pastebin.com/2CdsQMKW
Broken Link
https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass
Vendor Advisory
https://www.freepbx.org/category/blog/
Product
https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/
Exploit
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19006
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*

Версия от 13.0.0.0 (включая) до 13.0.197.13 (включая)

cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*

Версия от 14.0.0.0 (включая) до 14.0.13.11 (включая)

cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*

Версия от 15.0.0.0 (включая) до 15.0.16.26 (включая)

EPSS

Процентиль: 97%

0.31613

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-85h5-chmw-697j

CVSS3: 9.8

github

больше 3 лет назад

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

EPSS

Процентиль: 97%

0.31613

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

CWE-287