CVE-2020-27613
First published: Wed Oct 21 2020(Updated: )
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bigbluebutton Bigbluebutton | <2.2.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-27613?
CVE-2020-27613 is a vulnerability in BigBlueButton before version 2.2.28 (or earlier) that allows local users to achieve unintended FreeSWITCH access.
What is the severity of CVE-2020-27613?
CVE-2020-27613 has a severity rating of 8.4 (high).
What software is affected by CVE-2020-27613?
BigBlueButton versions up to 2.2.28 are affected by CVE-2020-27613.
How can local users achieve unintended FreeSWITCH access in BigBlueButton?
Local users can achieve unintended FreeSWITCH access in BigBlueButton by using ClueCon as the FreeSWITCH password during the installation procedure.
Is there a fix for CVE-2020-27613?
To fix CVE-2020-27613, you should upgrade to BigBlueButton version 2.2.28 or later.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/bigbluebutton
- canonical/bigbluebutton bigbluebutton