Sangoma FreePBX Linux Hardcoded Credentials

Vulnerability Type: Hardcoded Credentials

Vendor of the product: Sangoma Technologies Corporation

Affected products:

Product: Sangoma FreePBX Linux 7 (ISO images SNG7-PBX16-64bit)

Versions: 2105,2109,2112,2201,2202,2203

Product: Sangoma FreePBX Linux 7 (ISO images SNG7-(F)PBX-64bit)

Versions: 1805,1904,1910,2002,2008,2011,2104,2203

Attack Type: Remote

Discovered: 01/02/2023

Reported: 16/02/2023

Disclosed: 10/04/2023

Affected Components: Asterisk REST Interface (ARI)

CVE assigned: CVE-2023-26566

CVSS Score: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)

Vulnerability Description: Sangoma FreePBX Linux 7 versions 1805 to 2203, when installed from the official ISO images, contain hardcoded credentials for the Asterisk REST Interface (ARI), which could allow remote attackers to reconfigure Asterisk and make external and internal calls via HTTP(S) and Web Socket requests sent to the API.

Attack Vector: To exploit the vulnerability, attackers must connect to either port 8088/tcp (HTTP/WS) or 8089/tcp (HTTPS/WSS) and authenticate with the ARI service using the hardcoded credentials of the vulnerable software/distribution version.

Impact: Attackers can utilize the ARI functionality via ports 8088/tcp and/or 8089/tcp to create Asterisk apps and endpoints, make internal and external calls, and/or retrieve authentication and system information that could help in formulating further attacks against the system and its users.

Recommended Post