Description
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
Published: 2026-05-12
Score: 3.2 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Sangoma Switchvox software versions prior to 8.4 generate backup archives that store SIP authentication credentials in plain text. This flaw allows anyone with access to the backup file to read the authentication tokens, potentially gaining unauthorized access to the VoIP system.

Affected Systems

The affected product is Sangoma Switchvox, all releases earlier than version 8.4. Customers using those versions should verify backup files for cleartext credentials.

Risk and Exploitability

The CVSS score of 3.2 indicates low severity; however, the exposure of authentication credentials can enable lateral movement and unauthorized control of calls. No EPSS data and the vulnerability is not listed in the KEV catalog. The likely attack vector is local or network access to the device's backup storage, where an attacker who can read or obtain the backup file can exploit the flaw.

Generated by OpenCVE AI on May 12, 2026 at 02:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Switchvox to version 8.4 or newer, which removes cleartext credentials from backup files.
  • If upgrading is not immediately possible, locate and delete any existing backup archives that contain cleartext SIP credentials.
  • Restrict filesystem permissions on backup directories so that only privileged administrators can access them.

Generated by OpenCVE AI on May 12, 2026 at 02:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 03:15:00 +0000

Type Values Removed Values Added
Title Cleartext SIP Credentials Stored in Switchvox Backup Files

Tue, 12 May 2026 01:15:00 +0000

Type Values Removed Values Added
Description Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
First Time appeared Sangoma
Sangoma switchvox
Weaknesses CWE-312
CPEs cpe:2.3:a:sangoma:switchvox:*:*:*:*:*:*:*:*
Vendors & Products Sangoma
Sangoma switchvox
References
Metrics cvssV3_1

{'score': 3.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N'}

Subscriptions

Sangoma Switchvox
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-12T13:22:20.890Z

Reserved: 2026-05-12T00:40:57.663Z

Link: CVE-2026-45362

cve-icon Vulnrichment

Updated: 2026-05-12T13:22:16.598Z

cve-icon NVD

Status : Received

Published: 2026-05-12T01:16:47.017

Modified: 2026-05-12T01:16:47.017

Link: CVE-2026-45362

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T03:00:06Z

Weaknesses