Sign-up

ID

VAR-201910-1676


CVE

CVE-2019-12147


TITLE

Sangoma Session Border Controller Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011393

DESCRIPTION

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt. Sangoma Technologies SBC is a Border Session Controller (SBC) from Sangoma Technologies of Canada. A security vulnerability exists in the Sangoma Technologies SBC 2.3.23-119-GA version. Attackers can use the application's login interface to exploit the vulnerability to create privileged accounts on the system

Trust: 2.16

sources: NVD: CVE-2019-12147 // JVNDB: JVNDB-2019-011393 // CNVD: CNVD-2019-37727

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-37727

AFFECTED PRODUCTS

vendor:sangomamodel:session border controllerscope:eqversion:2.3.23-119-ga

Trust: 1.0

vendor:sangomamodel:session border controllerscope:eqversion:2.3.23-119 ga

Trust: 0.8

vendor:sangomamodel:sbc 2.3.23-119-gascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-37727 // JVNDB: JVNDB-2019-011393 // NVD: CVE-2019-12147

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2019-12147
value: CRITICAL

Trust: 1.8

CNVD: CNVD-2019-37727
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-1229
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2019-12147
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-37727
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-12147
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-37727 // JVNDB: JVNDB-2019-011393 // NVD: CVE-2019-12147 // CNNVD: CNNVD-201910-1229

PROBLEMTYPE DATA

problemtype:CWE-88

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-011393 // NVD: CVE-2019-12147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1229

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-1229

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2019-12147

PATCH
title:Session Border Controllersurl:https://www.sangoma.com/voip-security/session-border-controllers/
Trust: 0.8
title:Patch for Unknown vulnerability in Sangoma Technologies SBCurl:https://www.cnvd.org.cn/patchinfo/show/187529
Trust: 0.6
title:Sangoma Technologies SBC Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=101246
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-37727 // 
            
            
            
            JVNDB: JVNDB-2019-011393 // 
            
            
            
            CNNVD: CNNVD-201910-1229

EXTERNAL IDS
db:NVDid:CVE-2019-12147
Trust: 3.0
db:PACKETSTORMid:154914
Trust: 3.0
db:JVNDBid:JVNDB-2019-011393
Trust: 0.8
db:CNVDid:CNVD-2019-37727
Trust: 0.6
db:CNNVDid:CNNVD-201910-1229
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-37727 // 
            
            
            
            JVNDB: JVNDB-2019-011393 // 
            
            
            
            NVD: CVE-2019-12147 // 
            
            
            
            CNNVD: CNNVD-201910-1229

REFERENCES
url:http://packetstormsecurity.com/files/154914/sangoma-sbc-2.3.23-119-ga-unauthenticated-user-creation.html
Trust: 3.0
url:http://seclists.org/fulldisclosure/2019/oct/40
Trust: 1.6
url:https://blog.appsecco.com
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-12147
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12147
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-37727 // 
            
            
            
            JVNDB: JVNDB-2019-011393 // 
            
            
            
            NVD: CVE-2019-12147 // 
            
            
            
            CNNVD: CNNVD-201910-1229

CREDITS
Appsecco Security Team
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201910-1229

SOURCES
db:CNVDid:CNVD-2019-37727
db:JVNDBid:JVNDB-2019-011393
db:NVDid:CVE-2019-12147
db:CNNVDid:CNNVD-201910-1229

LAST UPDATE DATE
2023-12-18T12:50:00.135000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-37727date:2019-10-29T00:00:00
db:JVNDBid:JVNDB-2019-011393date:2019-11-06T00:00:00
db:NVDid:CVE-2019-12147date:2020-08-24T17:37:01.140
db:CNNVDid:CNNVD-201910-1229date:2020-09-02T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-37727date:2019-10-29T00:00:00
db:JVNDBid:JVNDB-2019-011393date:2019-11-06T00:00:00
db:NVDid:CVE-2019-12147date:2019-10-22T16:15:10.707
db:CNNVDid:CNNVD-201910-1229date:2019-10-18T00:00:00