cvedb.io
CVE-2023-26567
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2023-04-26T20:15:09.860 · Last modified 2026-06-17T05:43:36.883

Summary

Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.

Affected products

sangoma — freepbx_linux_7

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.