Known Vulnerabilities for products from Sangoma
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sangoma".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Sangoma can be found at device.report: Sangoma
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23608 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-22 | 2023-08-30 |
| CVE-2022-21723 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... | 9.1 - CRITICAL | 2022-01-27 | 2023-08-30 |
| CVE-2021-37706 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... | 9.8 - CRITICAL | 2021-12-22 | 2023-08-30 |
| CVE-2020-10666 | The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code ... | 9.8 - CRITICAL | 2021-05-31 | 2022-07-12 |
| CVE-2019-19852 | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report scree... | 4.8 - MEDIUM | 2020-03-16 | 2020-03-19 |
| CVE-2019-19851 | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfec... | 4.8 - MEDIUM | 2020-03-16 | 2020-03-20 |
| CVE-2019-19615 | Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /a... | 4.8 - MEDIUM | 2020-03-16 | 2020-03-19 |
| CVE-2019-19552 | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web s... | 4.8 - MEDIUM | 2019-12-06 | 2019-12-10 |
| CVE-2019-19551 | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web s... | 4.8 - MEDIUM | 2019-12-06 | 2019-12-11 |
| CVE-2019-19538 | In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Exec... | 7.2 - HIGH | 2020-03-16 | 2020-08-24 |
| CVE-2019-19006 | Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. | 9.8 - CRITICAL | 2019-11-21 | 2020-08-24 |
| CVE-2019-16967 | An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager modul... | 6.1 - MEDIUM | 2019-10-21 | 2019-12-10 |
| CVE-2019-16966 | An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX... | 6.1 - MEDIUM | 2019-10-21 | 2019-12-10 |
| CVE-2019-12148 | The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argu... | 9.8 - CRITICAL | 2019-10-22 | 2020-08-24 |
| CVE-2019-12147 | The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special chara... | 9.8 - CRITICAL | 2019-10-22 | 2020-08-24 |
| CVE-2018-15891 | An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Aster... | 4.8 - MEDIUM | 2019-06-20 | 2019-12-10 |
| CVE-2018-6393 | ** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the o... | 7.2 - HIGH | 2018-01-29 | 2023-11-07 |
| CVE-2017-17430 | Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the... | 9.8 - CRITICAL | 2017-12-07 | 2019-10-03 |
| CVE-2014-7235 | htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.... | 10 - HIGH | 2014-10-07 | 2019-12-10 |
| CVE-2014-1903 | admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 befor... | 7.5 - HIGH | 2014-02-18 | 2019-12-10 |
Known software with vulnerabilities from Sangoma
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sangoma | Asterisk | 16.5.0 |
| Application | Sangoma | Freepbx | 2.3.0 |
| Hardware | Sangoma | Session Border Controller | - |
| Operating System | Sangoma | Session Border Controller Firmware | 2.2.1-18-ga |
| Application | Sangoma | Superfecta | 2.2.6 |