exploitDog

CVE-2021-45310

Опубликовано: 14 фев. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser.

Ссылки

https://github.com/IthacaLabs/Sangoma/tree/main/Switchvox_Version%20102409
Exploit
Third Party Advisory
https://github.com/IthacaLabs/Sangoma/tree/main/Switchvox_Version%20102409
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sangoma:switchvox:102409:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00324

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-5jhr-vv8x-5wg9

CVSS3: 5.3

github

почти 4 года назад

Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser.

EPSS

Процентиль: 55%

0.00324

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200