CVE-2023-26566

HIGH

Sangoma FreePBX 1805-2203 - Use of Hard-coded Credentials in Asterisk REST Interface

Title source: llm

Description

Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API.

References (1)

Core 1

Core References

Various Sources

https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-hardcoded-credentials

Scores

CVSS v3 8.6

EPSS 0.0071

EPSS Percentile 48.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-798

Status published

Published May 14, 2024

Tracked Since Feb 18, 2026