Vulnerabilities > Sangoma > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-22 CVE-2019-12148 Argument Injection or Modification vulnerability in Sangoma Session Border Controller Firmware 2.3.23119Ga
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field.
network
low complexity
sangoma CWE-88
7.5
7.5
2018-01-29 CVE-2018-6393 SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter.
network
low complexity
sangoma CWE-89
7.2
7.2
2017-12-07 CVE-2017-17430 Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
network
low complexity
sangoma CWE-287
7.5
7.5
2017-06-02 CVE-2017-9358 Infinite Loop vulnerability in multiple products
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
network
low complexity
sangoma asterisk CWE-835
7.5
7.5
2014-02-18 CVE-2014-1903 Permissions, Privileges, and Access Controls vulnerability in multiple products
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
network
low complexity
freepbx sangoma CWE-264
7.5
7.5
2012-09-06 CVE-2012-4869 Code Injection vulnerability in Sangoma Freepbx
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
network
low complexity
sangoma CWE-94
7.5
7.5