CVE-2021-45310
MEDIUMSangoma Switchvox 102409 - Unauthenticated Exposure of Sensitive Information via Invalid Browser Command
Title source: llmDescription
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/IthacaLabs/Sangoma/tree/main/Switchvox_Version%20102409
Scores
CVSS v3
5.3
EPSS
0.0088
EPSS Percentile
54.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
sangoma/switchvox
102409
Published
Feb 14, 2022
Tracked Since
Feb 18, 2026