CVE-2023-26567

{"id": "CVE-2023-26567", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2023-04-26T20:15:09.860", "references": [{"url": "https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.freepbx.org", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.sangoma.com/products/open-source/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call."}], "lastModified": "2023-05-05T15:10:19.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1805:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F799892-BFCA-4184-BF34-4D316A7B5304"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1904:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCC57541-8B9A-4F7C-B5AD-BABDE74D987B"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:1910:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDB0599D-399C-4B25-AC8D-F0DFD9F960C9"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CC01C41-5999-48DF-BA27-EB08793F9C62"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2008:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A62509A-E706-4AAE-980A-538A95FAEFFD"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44020ABA-8123-4E39-95CD-99C96DA76630"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59E7AB2A-F42F-495B-9786-63157F8FFD39"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A022DFF-AFB0-4BC9-9995-C0732D4A53D3"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2109:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F34D4BBD-FCE8-41C3-8E72-4FB06AE93D6C"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2112:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "938CB1A3-B087-4B13-8017-FB20EA66E25E"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2201:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5091CC73-0948-4F66-A95F-08B2D806706E"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2202:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "938FF93C-F1D1-46AC-8EBE-4EAF9B3266FD"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2203:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAFC050D-EEFD-4DD2-BCF3-A5209BD07A8F"}, {"criteria": "cpe:2.3:a:sangoma:freepbx_linux_7:2302:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3D1EA05-C694-421E-BD19-9FEA00731998"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}