Latest Sangoma Vulnerabilities

Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
Digium Asterisk<18.20.1
Digium Asterisk>=19.0.0<20.5.1
Digium Asterisk=21.0.0
Sangoma Certified Asterisk=13.13.0
Sangoma Certified Asterisk=13.13.0-cert1
Sangoma Certified Asterisk=13.13.0-cert1-rc1
and 25 more
Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
Digium Asterisk<=18.20.0
Digium Asterisk>=19.0.0<=20.5.0
Digium Asterisk=21.0.0
Sangoma Certified Asterisk=13.13.0
Sangoma Certified Asterisk=13.13.0-cert1
Sangoma Certified Asterisk=13.13.0-cert1-rc1
and 25 more
Asterisk Path Traversal vulnerability
Digium Asterisk<18.20.1
Digium Asterisk>=19.0.0<20.5.1
Digium Asterisk=21.0.0
Sangoma Certified Asterisk=13.13.0
Sangoma Certified Asterisk=13.13.0-cert1
Sangoma Certified Asterisk=13.13.0-cert1-rc1
and 25 more
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extens...
Sangoma FreePBX<15.0.16
Sangoma FreePBX>=16.0.2<16.0.17
Sangoma FreePBX<15.0.18
Sangoma FreePBX>=16.0.2<16.0.40
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credent...
Sangoma Freepbx Linux 7=1805
Sangoma Freepbx Linux 7=1904
Sangoma Freepbx Linux 7=1910
Sangoma Freepbx Linux 7=2002
Sangoma Freepbx Linux 7=2008
Sangoma Freepbx Linux 7=2011
and 8 more
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of t...
Sangoma FreePBX<13.0.5.4
A vulnerability was found in FreePBX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler...
Sangoma Voicemail<14.0.6.25
A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file page.voicemail.php. The manipulation leads t...
Sangoma Voicemail<14.0.6.25
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset le...
Sangoma FreePBX>=14.0<14.0.5.21
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected app...
Sangoma Asterisk>=16.0.0<16.29.1
Sangoma Asterisk>=17.0.0<18.15.1
Sangoma Asterisk>=19.0.0<19.7.1
Sangoma Asterisk=20.0.0
Sangoma Certified Asterisk<18.9
Sangoma Certified Asterisk=18.9-cert1
and 1 more
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can ca...
Sangoma Asterisk>=16.0.0<16.29.1
Sangoma Asterisk>=18.0.0<18.15.1
Sangoma Asterisk>=19.0.0<19.7.1
Sangoma Asterisk=20.0.0
debian/asterisk<=1:16.2.1~dfsg-1+deb10u2
A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing ac...
Sangoma Asterisk>=16.0.0<16.29.1
Sangoma Asterisk>=18.14.0<18.15.1
Sangoma Asterisk>=19.6.0<19.7.1
Sangoma Asterisk=20.0.0
Sangoma Certified Asterisk=18.9-cert2
debian/asterisk<=1:16.2.1~dfsg-1+deb10u2
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including...
Teluu PJSIP<=2.11.1
Asterisk Certified Asterisk<16.8.0
Asterisk Certified Asterisk=16.8.0-cert1
Asterisk Certified Asterisk=16.8.0-cert10
Asterisk Certified Asterisk=16.8.0-cert11
Asterisk Certified Asterisk=16.8.0-cert12
and 17 more
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name,...
=102409
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, p...
Teluu PJSIP<=2.11.1
Asterisk Certified Asterisk=16.8.0
Asterisk Certified Asterisk=16.8.0-cert1
Asterisk Certified Asterisk=16.8.0-cert10
Asterisk Certified Asterisk=16.8.0-cert11
Asterisk Certified Asterisk=16.8.0-cert12
and 17 more
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 202...
Sangoma Restapps=15.0.19.87
Sangoma Restapps=15.0.19.88
Sangoma Restapps=16.0.18.40
Sangoma Restapps=16.0.18.41
Sangoma FreePBX
Sangoma Pbxact
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the inc...
Teluu PJSIP<=2.11.1
Asterisk Certified Asterisk<16.8.0
Asterisk Certified Asterisk=16.8.0
Asterisk Certified Asterisk=16.8.0-cert1
Asterisk Certified Asterisk=16.8.0-cert10
Asterisk Certified Asterisk=16.8.0-cert11
and 20 more
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
Sangoma Restapps>=13.0<=13.0.93.2
Sangoma Restapps>=14.0<=14.0.22.2
Sangoma Restapps>=15.0<=15.0.19.2
Sangoma FreePBX
Sangoma FreePBX>=14.0.10.2<=14.0.10.7
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
Sangoma FreePBX<13.0.92
Sangoma FreePBX>=14.0.0.0<14.0.38.3
Sangoma FreePBX>=15.0.0.0<15.0.13.6
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Supe...
Sangoma FreePBX<=13.0.4.7
Sangoma FreePBX>=14.0.0.0<=14.0.24
Sangoma FreePBX>=15.0.0.0<=15.0.2.20
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with suffi...
Sangoma FreePBX>=13.0<=13.0.76.43
Sangoma FreePBX>=14.0<=14.0.7
Sangoma FreePBX>=15.0<=15.0.20
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can subm...
Sangoma FreePBX>=13.0<=13.0.76.43
Sangoma FreePBX>=14.0<=14.0.7
Sangoma FreePBX>=15.0<=15.0.20
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
Sangoma FreePBX>=13.0.0.0<=13.0.197.13
Sangoma FreePBX>=14.0.0.0<=14.0.13.11
Sangoma FreePBX>=15.0.0.0<=15.0.16.26
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username f...
Sangoma Session Border Controller Firmware=2.3.23-119-ga
Sangoma Session Border Controller
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthe...
Sangoma Session Border Controller Firmware=2.3.23-119-ga
Sangoma Session Border Controller
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerd...
Freepbx Manager>=13.0.2<13.0.2.6
Freepbx Manager>=15.0.2<15.0.6
Freepbx Manager=13.0.1-alpha1
Sangoma FreePBX<14.0.10.3
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\...
Freepbx Contactmanager>=13.0.2<13.0.45.3
Freepbx Contactmanager>=14.0.1.1<14.0.5.12
Freepbx Contactmanager>=15.0.2<15.0.8.21
Freepbx Contactmanager=13.0.0-beta1
Freepbx Contactmanager=13.0.0-beta2
Freepbx Contactmanager=13.0.0-beta3
and 9 more
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module n...
Freepbx Freepbx=15.0.1
Sangoma FreePBX<13.0.122.43
Sangoma FreePBX>=14.0.0<14.0.18.34
Sangoma FreePBX>=15.0.0<=15.0.1
Sangoma FreePBX=15.0.1-beta4
