CVE-2023-26567

Name of the Vulnerable Software and Affected Versions Sangoma FreePBX versions 1805 through 2302

Description The issue exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface by placing AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. An attacker can exploit this by making a "/ari/asterisk/variable?variable=AMPDBPASS" API call.

Recommendations For Sangoma FreePBX versions 1805 through 2302, consider restricting access to the /ari/asterisk/variable API endpoint to minimize the risk of exploitation. Additionally, avoid using the variables AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in global variables until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.