CyberSec.Space Logo
Back to CVE Browser

CVE-2019-19006

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score55.4310%
EPSS Percentile90.36th
PublishedNov 21, 2019
Last ModifiedFeb 4, 2026

Vulnerability Description

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

Affected Platforms (CPE)

πŸ“¦
Sangoma

Freepbx

>= 13.0.0.0 and <= 13.0.197.13
πŸ“¦
Sangoma

Freepbx

>= 14.0.0.0 and <= 14.0.13.11
πŸ“¦
Sangoma

Freepbx

>= 15.0.0.0 and <= 15.0.16.26

References & Advisories

πŸ”— https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772
πŸ”— https://pastebin.com/2CdsQMKW
πŸ”— https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass
πŸ”— https://www.freepbx.org/category/blog/
πŸ”— https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772
πŸ”— https://pastebin.com/2CdsQMKW
πŸ”— https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass
πŸ”— https://www.freepbx.org/category/blog/

Related Vulnerabilities

CVE-2014-723510.0

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, an...

CVE-2021-454619.8

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attacke...

CVE-2020-106669.8

The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execu...

CVE-2006-62447.5

Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands vi...