Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45310

Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser.

Published

2022-02-14T21:15:09.213

Last Modified

2024-11-21T06:32:04.880

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sangoma	switchvox	102409	Yes

References

https://github.com/IthacaLabs/Sangoma/tree/main/Switchvox_Version%20102409 Exploit, Third Party Advisory ([email protected])
https://github.com/IthacaLabs/Sangoma/tree/main/Switchvox_Version%20102409 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)