PT-2020-16723 · Freeswitch+1
Published: 2020-10-21 · Updated: 2020-10-29
CVE-2020-27613
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions prior to 2.2.28
Description
The installation procedure in BigBlueButton uses ClueCon as the FreeSWITCH password, allowing local users to achieve unintended FreeSWITCH access.
Recommendations
For versions prior to 2.2.28, update to version 2.2.28 or later to resolve the issue. As a temporary workaround, consider changing the FreeSWITCH password from the default ClueCon to a secure password until a patch is applied.
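An added example (not part of this advisory or of BigBlueButton's own code) of checking for the default password described above: it parses a FreeSWITCH XML configuration and reports any password parameter still set to ClueCon or left empty. It assumes the password is stored as a `<param name="password" value="..."/>` element, as in FreeSWITCH's event socket configuration; the sample XML is constructed and the file path is supplied by the operator.

```python
import sys
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "ClueCon"  # default value named in the advisory

# Constructed sample, modelled on FreeSWITCH's event socket configuration
# (assumption: the password lives in a <param name="password"> element).
SAMPLE_CONFIG = """
<configuration name="event_socket.conf" description="Socket Client">
  <settings>
    <param name="listen-ip" value="127.0.0.1"/>
    <param name="listen-port" value="8021"/>
    <param name="password" value="ClueCon"/>
  </settings>
</configuration>
"""


def find_default_passwords(xml_text):
    """Return (param name, problem) for each password param that is default or empty."""
    root = ET.fromstring(xml_text)
    findings = []
    for param in root.iter("param"):
        name = (param.get("name") or "").lower()
        value = param.get("value") or ""
        if "password" not in name:
            continue
        if value == DEFAULT_PASSWORD:
            findings.append((name, "default password in use"))
        elif not value.strip():
            findings.append((name, "empty password"))
    return findings


def audit_file(path):
    """Audit one configuration file; the path is chosen by the operator."""
    with open(path, encoding="utf-8") as handle:
        return find_default_passwords(handle.read())


if __name__ == "__main__":
    # With no argument, run against the constructed sample above.
    results = (audit_file(sys.argv[1]) if len(sys.argv) > 1
               else find_default_passwords(SAMPLE_CONFIG))
    for name, problem in results:
        print(f"FINDING: param '{name}': {problem}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when a finding is present, so it can gate a post-install or configuration-management check.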
Weakness Enumeration
Cleartext Storage of Sensitive Information
Affected Products
BigBlueButton
FreeSWITCH