CyberSec.Space Logo
Back to CVE Browser

CVE-2020-27613

HIGH
8.4
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile34.77th
PublishedOct 21, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.

Affected Platforms (CPE)

📦
Bigbluebutton

Bigbluebutton

< 2.2.28

References & Advisories

🔗 https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html
🔗 https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html

Related Vulnerabilities

CVE-2020-276029.8

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

CVE-2020-124439.8

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pd...

CVE-2020-276059.8

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks...

CVE-2020-261638.8

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a vict...