2020-11-03 Sangomaconnect API Vulnerability
SEC-2020-008
Authentication Flaw: CVE-2020-28239 CVE-2020-28240
Overview:
An attack on unprotected API endpoints can leak SIP credentials to the attacker.
Impact:
CVSS Base Score: 8.4
Impact Subscore: 6.0
Exploitability Subscore: 1.8
CVSS Temporal Score: 7.0
CVSS Environmental Score: 5.1
Modified Impact Subscore: 3.8
Overall CVSS Score: 5.1
CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:L/MAC:H/MPR:H/MUI:R/MS:U/MC:H/MI:H/MA:H
Vulnerable software and versions:
FreePBX 14 - module: sangomaconnect, affected version: <14.0.7, fixed version: 14.0.7
FreePBX 15 - module: sangomaconnect, affected version: <15.0.7, fixed version: 15.0.7
Related Information:
SMOBILE-155
SMOBILE-169
Further Details:
FreePBX 14 and 15 were susceptible to an attack on the Sangomaconnect API, which could lead to leakage of SIP credentials.
Before versions 14.0.7/15.0.7, the following attacks were possible:
a) An attacker who knew the e-mail address a user had associated with Sangomaconnect/Userman could impersonate that user and, once impersonated, retrieve the user's SIP credentials and other account information.
b) An attacker could create thousands or millions of DB entries, filling the DB with bogus data.
c) An attacker could perform a) and b) remotely if inbound traffic to port 8443 had not been blocked at the firewall or on the PBX.
After the flaw was reported, the Sangoma and FreePBX team deemed it a serious security issue and immediately released a patch to resolve it. We strongly encourage all users of FreePBX 14 and 15 who have the sangomaconnect module installed to upgrade to the latest sangomaconnect version. This can be done from the Module Admin GUI or with fwconsole. For more information on using Module Admin, please see https://sangomakb.atlassian.net/wiki/spaces/PG/pages/20023939/Module+Admin+User+Guide .
For those who already have automated security updates enabled this release will be installed automatically.
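As an added example that is not part of this advisory or of Sangoma's code, the following POSIX shell check classifies an installed sangomaconnect version against the fixed versions listed above; the function names are assumptions, and the version string is what `fwconsole ma list` reports for the module on the PBX.

```shell
#!/bin/sh
# Added example (not Sangoma's code): decide whether an installed sangomaconnect
# version falls in the range this advisory marks as affected.
# Fixed versions per the advisory: FreePBX 14 -> 14.0.7, FreePBX 15 -> 15.0.7.

# fixed_version_for <module_version>: print the fixed version for the module's
# FreePBX branch, or nothing if the branch is not covered by this advisory.
fixed_version_for() {
    case "$1" in
        14.*) echo "14.0.7" ;;
        15.*) echo "15.0.7" ;;
        *)    echo "" ;;
    esac
}

# version_lt A B: true if A sorts strictly before B as a dotted version.
# sort -V is used so that 14.0.10 is correctly treated as newer than 14.0.7
# (a plain string comparison would get this wrong).
version_lt() {
    [ "$1" != "$2" ] && \
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# sangomaconnect_status <installed_version>: prints "vulnerable", "fixed",
# or "unknown-branch" for a version outside the 14.x/15.x lines.
sangomaconnect_status() {
    fixed=$(fixed_version_for "$1")
    if [ -z "$fixed" ]; then
        echo "unknown-branch"
    elif version_lt "$1" "$fixed"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# On a live PBX, pass the sangomaconnect version shown by `fwconsole ma list`:
#   sangomaconnect_status "<version from fwconsole ma list>"
```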
Sangoma takes security seriously and requests that any future FreePBX security issue be reported at security@sangoma.com.