Known Vulnerabilities for products from Sangoma
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sangoma".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Sangoma can be found at device.report: Sangoma
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-43336 | Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control is... | 8.8 - HIGH | 2023-11-02 | 2023-11-09 |
| CVE-2023-26567 | Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in ... | 8.1 - HIGH | 2023-04-26 | 2023-05-05 |
| CVE-2022-42706 | An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18... | 4.9 - MEDIUM | 2022-12-05 | 2023-02-24 |
| CVE-2022-42705 | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote au... | 6.5 - MEDIUM | 2022-12-05 | 2023-02-24 |
| CVE-2022-37325 | In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to add... | 7.5 - HIGH | 2022-12-05 | 2023-02-24 |
| CVE-2022-23608 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-22 | 2023-08-30 |
| CVE-2022-21723 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... | 9.1 - CRITICAL | 2022-01-27 | 2023-08-30 |
| CVE-2021-45461 | FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote at... | 9.8 - CRITICAL | 2021-12-22 | 2022-01-05 |
| CVE-2021-45310 | Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an im... | 5.3 - MEDIUM | 2022-02-14 | 2022-07-12 |
| CVE-2021-37706 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... | 9.8 - CRITICAL | 2021-12-22 | 2023-08-30 |
| CVE-2021-4283 | A vulnerability was found in FreePBX voicemail. It has been rated as problematic. Affected by this issue is some unknown func... | 5.4 - MEDIUM | 2022-12-27 | 2023-11-07 |
| CVE-2021-4282 | A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unk... | 6.1 - MEDIUM | 2022-12-27 | 2023-11-07 |
| CVE-2020-36630 | A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of t... | 9.8 - CRITICAL | 2022-12-25 | 2023-11-07 |
| CVE-2020-10666 | The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code ... | 9.8 - CRITICAL | 2021-05-31 | 2022-07-12 |
| CVE-2019-25090 | A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some ... | 6.1 - MEDIUM | 2022-12-27 | 2023-11-07 |
| CVE-2019-19852 | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report scree... | 4.8 - MEDIUM | 2020-03-16 | 2020-03-19 |
| CVE-2019-19851 | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfec... | 4.8 - MEDIUM | 2020-03-16 | 2020-03-20 |
| CVE-2019-19615 | Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /a... | 4.8 - MEDIUM | 2020-03-16 | 2020-03-19 |
| CVE-2019-19552 | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web s... | 4.8 - MEDIUM | 2019-12-06 | 2019-12-10 |
| CVE-2019-19551 | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web s... | 4.8 - MEDIUM | 2019-12-06 | 2019-12-11 |
Known software with vulnerabilities from Sangoma
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sangoma | Asterisk | 16.10.0 |
| Application | Sangoma | Freepbx | 10.13.66 |
| Hardware | Sangoma | Session Border Controller | - |
| Operating System | Sangoma | Session Border Controller Firmware | 2.2.1-18-ga |
| Application | Sangoma | Superfecta | 13.0.1 |