Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sangoma vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-26566
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote malicious users to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API.
NA
CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can excee...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk
NA
CVE-2023-49294
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk before 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This al...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk
NA
CVE-2023-49786
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk before 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS ...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk
NA
CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 exists to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
Sangoma Freepbx
NA
CVE-2023-26567
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. F...
Sangoma Freepbx Linux 7 1805
Sangoma Freepbx Linux 7 1904
Sangoma Freepbx Linux 7 1910
Sangoma Freepbx Linux 7 2002
Sangoma Freepbx Linux 7 2008
Sangoma Freepbx Linux 7 2011
Sangoma Freepbx Linux 7 2104
Sangoma Freepbx Linux 7 2105
Sangoma Freepbx Linux 7 2109
Sangoma Freepbx Linux 7 2112
Sangoma Freepbx Linux 7 2201
Sangoma Freepbx Linux 7 2202
Sangoma Freepbx Linux 7 2203
Sangoma Freepbx Linux 7 2302
NA
CVE-2019-25090
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched re...
Sangoma Freepbx
NA
CVE-2021-4282
A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file page.voicemail.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to versio...
Sangoma Voicemail
NA
CVE-2021-4283
A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler. The manipulation of the argument key leads to cross site scripting. The attack...
Sangoma Voicemail
NA
CVE-2020-36630
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this iss...
Sangoma Freepbx
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »