CVE-2019-12147

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt.

CVSS v3 9.8 CRITICAL
CVSS v2.0 5.0 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/154914/Sangoma-SBC-2.3.23-119-GA-Unauthenticated-User-Creation.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/Oct/40	Exploit Mailing List Third Party Advisory
https://blog.appsecco.com	Not Applicable

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sangoma:session_border_controller_firmware:2.3.23-119-ga:*:*:*:*:*:*:*

cpe:2.3:h:sangoma:session_border_controller:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-10-22 16:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-12147

Mitre link : CVE-2019-12147

CVE.ORG link : CVE-2019-12147

JSON object : View

Products Affected

sangoma

session_border_controller_firmware
session_border_controller

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

{"id": "CVE-2019-12147", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-10-22T16:15:10.707", "references": [{"url": "http://packetstormsecurity.com/files/154914/Sangoma-SBC-2.3.23-119-GA-Unauthenticated-User-Creation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/Oct/40", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.appsecco.com", "tags": ["Not Applicable"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt."}, {"lang": "es", "value": "La interfaz web GA de Sangoma Session Border Controller (SBC) versi\u00f3n 2.3.23-119, es vulnerable a una Inyecci\u00f3n de Argumentos mediante caracteres especiales en el campo username. Tras una explotaci\u00f3n con \u00e9xito, un usuario no autenticado remoto puede crear un usuario del sistema local con privilegios de sudo, y usar ese usuario para iniciar sesi\u00f3n en el sistema (bien sea por medio de la interfaz web o mediante SSH) para lograr un compromiso completo del dispositivo. Esto afecta a los archivos /var/webconfig/gui/Webconfig.inc.php y /usr/local/sng/bin/sng-user-mgmt."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sangoma:session_border_controller_firmware:2.3.23-119-ga:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFF84F0-DC4E-4584-867B-A3A6D777F325"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sangoma:session_border_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD535F8D-3066-4D4F-A3B3-C547D19D2A2D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}