CVE-2019-19006
CISA KEV
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-287
References
- https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772
- https://pastebin.com/2CdsQMKW
- https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass
- https://www.freepbx.org/category/blog/
- https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19006