CVE-2019-12147

moderate-risk
Published 2019-10-22

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt.

Do I need to act?

~
2.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Session Border Controller Firmware

Affected Vendors

Sangoma

References (6)

Exploit http://packetstormsecurity.com/files/154914/Sangoma-SBC-2.3.23-119-GA-Unauthenti...
Exploit http://seclists.org/fulldisclosure/2019/Oct/40
Not Applicable https://blog.appsecco.com
Exploit http://packetstormsecurity.com/files/154914/Sangoma-SBC-2.3.23-119-GA-Unauthenti...
Exploit http://seclists.org/fulldisclosure/2019/Oct/40
Not Applicable https://blog.appsecco.com
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal