CVE-2019-19006 Information

Description

Sangoma FreePBX 115.0.16.26 and below 14.0.13.11 and below 13.0.197.13 and below have Incorrect Access Control.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772 https://pastebin.com/2CdsQMKW https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass https://www.freepbx.org/category/blog/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8