Vulnerability Description
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-hardcoded-cred
FAQ
What is CVE-2023-26566?
CVE-2023-26566 is a vulnerability with a CVSS score of 8.6 (HIGH). Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal ca...
How severe is CVE-2023-26566?
CVE-2023-26566 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-26566?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.