Details of VAR-202202-1769

ID

VAR-202202-1769

CVE

CVE-2021-45310

TITLE

Sangoma Technologies Corporation Switchvox Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005603

DESCRIPTION

Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser

Trust: 1.71

sources: NVD: CVE-2021-45310 // JVNDB: JVNDB-2022-005603 // VULHUB: VHN-408941

AFFECTED PRODUCTS

vendor:	sangoma	model:	switchvox	scope:	eq	version:	102409	Trust: 1.8
vendor:	sangoma	model:	switchvox	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005603 // NVD: CVE-2021-45310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45310
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-45310
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-1168
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-408941
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-45310
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-408941
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-45310
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45310
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-408941 // JVNDB: JVNDB-2022-005603 // CNNVD: CNNVD-202202-1168 // NVD: CVE-2021-45310

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-408941 // JVNDB: JVNDB-2022-005603 // NVD: CVE-2021-45310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1168

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202202-1168

PATCH

title:	Sangoma/Switchvox_Version 102409/	url:	https://github.com/IthacaLabs/Sangoma/tree/main/Switchvox_Version%20102409	Trust: 0.8
title:	Sangoma Technologies Corporation Switchvox Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183411	Trust: 0.6

sources: JVNDB: JVNDB-2022-005603 // CNNVD: CNNVD-202202-1168

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45310	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-005603	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-1168	Trust: 0.7
db:	VULHUB	id:	VHN-408941	Trust: 0.1

sources: VULHUB: VHN-408941 // JVNDB: JVNDB-2022-005603 // CNNVD: CNNVD-202202-1168 // NVD: CVE-2021-45310

REFERENCES

url:	https://github.com/ithacalabs/sangoma/tree/main/switchvox_version%20102409	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45310	Trust: 0.8

sources: VULHUB: VHN-408941 // JVNDB: JVNDB-2022-005603 // CNNVD: CNNVD-202202-1168 // NVD: CVE-2021-45310

SOURCES

db:	VULHUB	id:	VHN-408941
db:	JVNDB	id:	JVNDB-2022-005603
db:	CNNVD	id:	CNNVD-202202-1168
db:	NVD	id:	CVE-2021-45310

LAST UPDATE DATE

2024-11-23T22:04:57.589000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-408941	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-005603	date:	2023-06-07T02:58:00
db:	CNNVD	id:	CNNVD-202202-1168	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-45310	date:	2024-11-21T06:32:04.880

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-408941	date:	2022-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-005603	date:	2023-06-07T00:00:00
db:	CNNVD	id:	CNNVD-202202-1168	date:	2022-02-14T00:00:00
db:	NVD	id:	CVE-2021-45310	date:	2022-02-14T21:15:09.213