Vulnerabilities > Fonality

DATE	CVE	VULNERABILITY TITLE	RISK
2016-06-20	CVE-2016-2364	Unspecified vulnerability in Fonality and HUD web The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. network low complexity fonality	5.0
2016-06-20	CVE-2016-2363	Permissions, Privileges, and Access Controls vulnerability in Fonality 12.6/12.8/14.1I Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. local low complexity fonality CWE-264	7.2
2016-06-20	CVE-2016-2362	Unspecified vulnerability in Fonality 12.6/12.8/14.1I Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. network low complexity fonality critical	10.0

Vulnerabilities > Fonality {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Fonality"}]}