Vulnerabilities > Sangoma > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-25 CVE-2020-36630 SQL Injection vulnerability in Sangoma Freepbx
A vulnerability was found in FreePBX cdr 14.0.
network
low complexity
sangoma CWE-89
critical
9.8
2022-02-22 CVE-2022-23608 Use After Free vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-416
critical
9.8
2022-01-27 CVE-2022-21723 Out-of-bounds Read vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-125
critical
9.1
2021-12-22 CVE-2021-45461 Unspecified vulnerability in Sangoma Restapps
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021.
network
low complexity
sangoma
critical
9.8
2021-12-22 CVE-2021-37706 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-191
critical
9.8
2021-05-31 CVE-2020-10666 Command Injection vulnerability in Sangoma Restapps
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
network
low complexity
sangoma CWE-77
critical
9.8
2019-11-21 CVE-2019-19006 Improper Authentication vulnerability in Sangoma Freepbx
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
network
low complexity
sangoma CWE-287
critical
9.8
2019-10-22 CVE-2019-12148 Argument Injection or Modification vulnerability in Sangoma Session Border Controller Firmware 2.3.23119Ga
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field.
network
low complexity
sangoma CWE-88
critical
9.8
2019-10-22 CVE-2019-12147 Argument Injection or Modification vulnerability in Sangoma Session Border Controller Firmware 2.3.23119Ga
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field.
network
low complexity
sangoma CWE-88
critical
9.8
2017-12-07 CVE-2017-17430 Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
network
low complexity
sangoma CWE-287
critical
9.8