sangoma vulnerabilities and exploits
890
VMScore
CVE-2008-6598
Multiple race conditions in WANPIPE prior to 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
Sangoma Wanpipe 3.3.1beta
Sangoma Wanpipe 3.3.0beta
Sangoma Wanpipe 3.3.5beta
Sangoma Wanpipe 3.3.2beta
Sangoma Wanpipe 3.3.2.1beta
Sangoma Wanpipe 3.3.3beta
Sangoma Wanpipe 3.3.4beta
668
VMScore
CVE-2021-45461
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote malicious users to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
Sangoma Restapps 15.0.19.87
Sangoma Restapps 15.0.19.88
Sangoma Restapps 16.0.18.40
Sangoma Restapps 16.0.18.41
NA
CVE-2022-42706
An issue exists in Sangoma Asterisk up to and including 16.28, 17 and 18 up to and including 18.14, 19 up to and including 19.6, and certified up to and including 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the ...
Sangoma Asterisk
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk
Sangoma Asterisk 20.0.0
NA
CVE-2023-26567
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. F...
Sangoma Freepbx Linux 7 1805
Sangoma Freepbx Linux 7 1904
Sangoma Freepbx Linux 7 1910
Sangoma Freepbx Linux 7 2002
Sangoma Freepbx Linux 7 2008
Sangoma Freepbx Linux 7 2011
Sangoma Freepbx Linux 7 2104
Sangoma Freepbx Linux 7 2105
Sangoma Freepbx Linux 7 2109
Sangoma Freepbx Linux 7 2112
Sangoma Freepbx Linux 7 2201
Sangoma Freepbx Linux 7 2202
Sangoma Freepbx Linux 7 2203
Sangoma Freepbx Linux 7 2302
NA
CVE-2022-42705
A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated malicious user to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that As...
Sangoma Certified Asterisk 18.9
Sangoma Asterisk
Sangoma Asterisk 20.0.0
766
VMScore
CVE-2012-4869
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and previous versions allows remote malicious users to execute arbitrary commands via the callmenum parameter in a c action.
Sangoma Freepbx 2.9
Sangoma Freepbx
3 EDB exploits
3 Github repositories
NA
CVE-2022-37325
In Sangoma Asterisk up to and including 16.28.0, 17.x and 18.x up to and including 18.14.0, and 19.x up to and including 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
Sangoma Asterisk
Sangoma Asterisk 20.0.0
578
VMScore
CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... lo...
Sangoma Freepbx 10.13.66
Sangoma Freepbx 14.0.1.24
NA
CVE-2023-49786
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk before 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS ...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk
NA
CVE-2023-49294
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk before 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This al...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk