QwikSec

Security Database

CVE

CWE

Training

CVE-2019-12148

Published: Oct 22, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20191018 Sangoma SBC bypass authentication via argument injection - CVE-2019-12148

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/154915/Sangoma-SBC-2.3.23-119-GA-Authentication-Bypass.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.