VYPR
Unrated severityNVD Advisory· Published Apr 26, 2023· Updated Feb 3, 2025

CVE-2023-26567

CVE-2023-26567

Description

Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Freepbx/Freepbxcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 1805-2302

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.