CVE-2019-19006
In short
FreePBX versions 15.0.16.26 and earlier, 14.0.13.11 and earlier, and 13.0.197.13 and earlier have a flaw that allows attackers to bypass access controls and gain unauthorized access to the system. This means someone could perform actions they shouldn't be allowed to do without proper authentication or permission.
Technical detail
This vulnerability is an authentication bypass or improper access control flaw (CWE-287) affecting multiple FreePBX versions. An attacker can circumvent authorization checks to reach restricted functionality or administrative features, potentially without valid credentials or a separate privilege escalation step, leading to complete system compromise.
Summary generated and translated by AI from the official description.
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
References
https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772
https://pastebin.com/2CdsQMKW
https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/
https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19006
https://www.freepbx.org/category/blog/