CVE-2019-12148 - OpenCVE

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sangoma	Session Border Controller Session Border Controller Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sangoma:session_border_controller_firmware:2.3.23-119-ga:*:*:*:*:*:*:*

cpe:2.3:h:sangoma:session_border_controller:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/154915/Sangoma-SBC-2.3.23-119-GA-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2019/Oct/41

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-22T15:20:37

Updated: 2024-08-04T23:10:30.878Z

Reserved: 2019-05-16T00:00:00

Link: CVE-2019-12148

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-22T16:15:10.797

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-12148

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-22T15:20:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20191018 Sangoma SBC bypass authentication via argument injection - CVE-2019-12148", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Oct/41"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154915/Sangoma-SBC-2.3.23-119-GA-Authentication-Bypass.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12148", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20191018 Sangoma SBC bypass authentication via argument injection - CVE-2019-12148", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Oct/41"}, {"name": "http://packetstormsecurity.com/files/154915/Sangoma-SBC-2.3.23-119-GA-Authentication-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154915/Sangoma-SBC-2.3.23-119-GA-Authentication-Bypass.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:10:30.878Z"}, "title": "CVE Program Container", "references": [{"name": "20191018 Sangoma SBC bypass authentication via argument injection - CVE-2019-12148", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Oct/41"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154915/Sangoma-SBC-2.3.23-119-GA-Authentication-Bypass.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12148", "datePublished": "2019-10-22T15:20:37", "dateReserved": "2019-05-16T00:00:00", "dateUpdated": "2024-08-04T23:10:30.878Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sangoma:session_border_controller_firmware:2.3.23-119-ga:*:*:*:*:*:*:*", "matchCriteriaId": "4FFF84F0-DC4E-4584-867B-A3A6D777F325", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sangoma:session_border_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD535F8D-3066-4D4F-A3B3-C547D19D2A2D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php."}, {"lang": "es", "value": "La interfaz web GA de Sangoma Session Border Controller (SBC) versi\u00f3n 2.3.23-119, es vulnerable a una omisi\u00f3n de autenticaci\u00f3n por medio de una vulnerabilidad de inyecci\u00f3n de argumentos que implica caracteres especiales en el campo username. Tras una explotaci\u00f3n con \u00e9xito, un usuario no autenticado remoto puede iniciar sesi\u00f3n en el portal web de administraci\u00f3n del dispositivo sin proporcionar ninguna credencial. Esto afecta al archivo /var/webconfig/gui/Webconfig.inc.php."}], "id": "CVE-2019-12148", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-22T16:15:10.797", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154915/Sangoma-SBC-2.3.23-119-GA-Authentication-Bypass.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Oct/41"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}