CVE-2019-15059

In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
lispbx_projectlispbx
2.0-4
lispbx_projectlispbx
2.0-5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/famatte69/52e6ad03d0f23428b92bd029c856112c
https://gist.github.com/famatte69/52e6ad03d0f23428b92bd029c856112c