Sangoma Session Border Controller Firmware vulnerabilities
2 known vulnerabilities affecting sangoma/session_border_controller_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2019-12148P2CRITICALCVSS 9.8v2.3.23-119-ga2019-10-22
CVE-2019-12148 [CRITICAL] CWE-88 CVE-2019-12148: The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authenti
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This
nvd
CVE-2019-12147P3CRITICALCVSS 9.8v2.3.23-119-ga2019-10-22
CVE-2019-12147 [CRITICAL] CWE-88 CVE-2019-12147: The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument In
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH)
nvd