Vulmon
sangoma vulnerabilities and exploits
10
CVSSv2
CVE-2008-6598
Multiple race conditions in WANPIPE prior to 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
Sangoma Wanpipe 3.3.1beta
Sangoma Wanpipe 3.3.0beta
Sangoma Wanpipe 3.3.5beta
Sangoma Wanpipe 3.3.2beta
Sangoma Wanpipe 3.3.2.1beta
Sangoma Wanpipe 3.3.3beta
Sangoma Wanpipe 3.3.4beta
7.5
CVSSv2
CVE-2021-45461
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote malicious users to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
Sangoma Restapps 15.0.19.87
Sangoma Restapps 15.0.19.88
Sangoma Restapps 16.0.18.40
Sangoma Restapps 16.0.18.41
NA
CVE-2022-42706
An issue exists in Sangoma Asterisk up to and including 16.28, 17 and 18 up to and including 18.14, 19 up to and including 19.6, and certified up to and including 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the ...
Sangoma Asterisk
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk
Sangoma Asterisk 20.0.0
NA
CVE-2023-26567
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. F...
Sangoma Freepbx Linux 7 1805
Sangoma Freepbx Linux 7 1904
Sangoma Freepbx Linux 7 1910
Sangoma Freepbx Linux 7 2002
Sangoma Freepbx Linux 7 2008
Sangoma Freepbx Linux 7 2011
Sangoma Freepbx Linux 7 2104
Sangoma Freepbx Linux 7 2105
Sangoma Freepbx Linux 7 2109
Sangoma Freepbx Linux 7 2112
Sangoma Freepbx Linux 7 2201
Sangoma Freepbx Linux 7 2202
Sangoma Freepbx Linux 7 2203
Sangoma Freepbx Linux 7 2302
NA
CVE-2022-42705
A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated malicious user to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that As...
Sangoma Certified Asterisk 18.9
Sangoma Asterisk
Sangoma Asterisk 20.0.0
7.5
CVSSv2
CVE-2012-4869
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and previous versions allows remote malicious users to execute arbitrary commands via the callmenum parameter in a c action.
Sangoma Freepbx 2.9
Sangoma Freepbx
3 EDB exploits
3 Github repositories
NA
CVE-2022-37325
In Sangoma Asterisk up to and including 16.28.0, 17.x and 18.x up to and including 18.14.0, and 19.x up to and including 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
Sangoma Asterisk
Sangoma Asterisk 20.0.0
6.5
CVSSv2
CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... lo...
Sangoma Freepbx 10.13.66
Sangoma Freepbx 14.0.1.24
3.5
CVSSv2
CVE-2018-15891
An issue exists in FreePBX core prior to 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
Sangoma Freepbx 15.0.1
Freepbx Freepbx 15.0.1
Sangoma Freepbx
NA
CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can excee...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk