CVE-2023-43336

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*

History

17 Sep 2024, 14:35

Type Values Removed Values Added
CWE CWE-284

09 Nov 2023, 19:27

Type Values Removed Values Added
First Time Sangoma
Sangoma freepbx
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE NVD-CWE-Other
CPE cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
References (MISC) http://sangoma.com - (MISC) http://sangoma.com - Product
References () https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826 - () https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826 - Exploit
References (MISC) http://freepbx.com - (MISC) http://freepbx.com - Product

07 Nov 2023, 04:21

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826', 'name': 'https://medium.com/@janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826', 'tags': [], 'refsource': 'MISC'}
  • () https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826 -

02 Nov 2023, 12:54

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-02 12:15

Updated : 2024-09-17 14:35


NVD link : CVE-2023-43336

Mitre link : CVE-2023-43336

CVE.ORG link : CVE-2023-43336


JSON object : View

Products Affected

sangoma

  • freepbx
CWE
NVD-CWE-Other CWE-284

Improper Access Control