CVE-2023-43336

HIGH

Sangoma Technologies FreePBX - Info Disclosure

Title source: llm

Description

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.

References (3)

Core 3

Core References

Product

http://freepbx.com

Product

http://sangoma.com

Exploit

https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826

Scores

CVSS v3 8.8

EPSS 0.0082

EPSS Percentile 52.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (1)

sangoma/freepbx < 15.0.16

Published Nov 02, 2023

Tracked Since Feb 18, 2026