Vulnerabilities > Sangoma > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-49215 Path Traversal vulnerability in Sangoma Asterisk and Certified Asterisk
An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5.
local
low complexity
sangoma CWE-22
7.8
2023-12-14 CVE-2023-37457 Classic Buffer Overflow vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-120
8.2
2023-12-14 CVE-2023-49294 Path Traversal vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-22
7.5
2023-11-02 CVE-2023-43336 Unspecified vulnerability in Sangoma Freepbx
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
network
low complexity
sangoma
8.8
2023-04-26 CVE-2023-26567 Insufficiently Protected Credentials vulnerability in Sangoma Freepbx Linux 7
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables.
network
low complexity
sangoma CWE-522
8.1
2022-12-05 CVE-2022-37325 Out-of-bounds Write vulnerability in Sangoma Asterisk
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
network
low complexity
sangoma CWE-787
7.5
2021-12-22 CVE-2021-45461 Unspecified vulnerability in Sangoma Restapps
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021.
network
low complexity
sangoma
7.5
2021-05-31 CVE-2020-10666 Command Injection vulnerability in Sangoma Restapps
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
network
low complexity
sangoma CWE-77
7.5
2019-11-21 CVE-2019-19006 Improper Authentication vulnerability in Sangoma Freepbx 13.0.0.0/13.0.1
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
network
low complexity
sangoma CWE-287
7.5
2019-10-29 CVE-2009-3723 Incorrect Authorization vulnerability in multiple products
asterisk allows calls on prohibited networks
network
low complexity
sangoma debian CWE-863
7.5