CVE-2019-19538

Source
https://cve.org/CVERecord?id=CVE-2019-19538
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19538.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19538
Published
2020-03-16T21:15:12.060Z
Modified
2026-07-08T05:54:58.657982517Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE",
            "vendor_product": "sangoma:freepbx",
            "extracted_events": [
                {
                    "introduced": "14.0.0.0"
                },
                {
                    "fixed": "14.0.38.3"
                },
                {
                    "introduced": "14.0.0.0"
                },
                {
                    "fixed": "14.0.38.3"
                },
                {
                    "introduced": "15.0.0.0"
                },
                {
                    "fixed": "15.0.13.6"
                },
                {
                    "introduced": "15.0.0.0"
                },
                {
                    "fixed": "15.0.13.6"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/freepbx/core

Affected ranges

Type
GIT
Repo
https://github.com/freepbx/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.0.92"
        }
    ]
}

Affected versions

release/12.*
release/12.0.1alpha11
release/12.0.1alpha12
release/12.0.1alpha16
release/12.0.1alpha17
release/12.0.1alpha18
release/12.0.1alpha19
release/12.0.1alpha2
release/12.0.1alpha20
release/12.0.1alpha21
release/12.0.1alpha22
release/12.0.1alpha23
release/12.0.1alpha24
release/12.0.1alpha25
release/12.0.1alpha3
release/12.0.1alpha4
release/12.0.1alpha5
release/12.0.1alpha6
release/12.0.1alpha7
release/12.0.1alpha9
release/12.0.1beta10
release/12.0.1beta11
release/12.0.1beta3
release/12.0.1beta4
release/12.0.1beta5
release/12.0.1beta6
release/12.0.1beta7
release/12.0.1beta8
release/12.0.1beta9
release/12.0.1rc1
release/12.0.1rc2
release/12.0.1rc3
release/12.0.1rc4
release/12.0.1rc6
release/12.0.1rc7
release/13.*
release/13.0.10
release/13.0.11
release/13.0.13
release/13.0.14
release/13.0.15
release/13.0.16
release/13.0.17
release/13.0.18
release/13.0.19
release/13.0.1RC1.0
release/13.0.1RC1.1
release/13.0.1RC1.10
release/13.0.1RC1.11
release/13.0.1RC1.12
release/13.0.1RC1.13
release/13.0.1RC1.14
release/13.0.1RC1.15
release/13.0.1RC1.16
release/13.0.1RC1.2
release/13.0.1RC1.3
release/13.0.1RC1.4
release/13.0.1RC1.5
release/13.0.1RC1.6
release/13.0.1RC1.7
release/13.0.1RC1.8
release/13.0.1RC1.9
release/13.0.1alpha10
release/13.0.1alpha11
release/13.0.1alpha12
release/13.0.1alpha13
release/13.0.1alpha14
release/13.0.1alpha15
release/13.0.1alpha16
release/13.0.1alpha17
release/13.0.1alpha18
release/13.0.1alpha19
release/13.0.1alpha2
release/13.0.1alpha20
release/13.0.1alpha21
release/13.0.1alpha3
release/13.0.1alpha34
release/13.0.1alpha5
release/13.0.1alpha6
release/13.0.1alpha7
release/13.0.1alpha8
release/13.0.1alpha9
release/13.0.1beta1
release/13.0.1beta1.10
release/13.0.1beta1.11
release/13.0.1beta1.12
release/13.0.1beta1.13
release/13.0.1beta1.14
release/13.0.1beta1.15
release/13.0.1beta1.16
release/13.0.1beta1.17
release/13.0.1beta1.18
release/13.0.1beta1.19
release/13.0.1beta1.2
release/13.0.1beta1.20
release/13.0.1beta1.21
release/13.0.1beta1.22
release/13.0.1beta1.23
release/13.0.1beta1.24
release/13.0.1beta1.25
release/13.0.1beta1.26
release/13.0.1beta1.27
release/13.0.1beta1.28
release/13.0.1beta1.29
release/13.0.1beta1.3
release/13.0.1beta1.4
release/13.0.1beta1.5
release/13.0.1beta1.6
release/13.0.1beta1.7
release/13.0.1beta1.8
release/13.0.1beta1.9
release/13.0.2
release/13.0.20
release/13.0.21
release/13.0.22
release/13.0.23
release/13.0.24
release/13.0.25
release/13.0.26
release/13.0.27
release/13.0.28
release/13.0.29
release/13.0.3
release/13.0.30
release/13.0.31
release/13.0.33
release/13.0.34
release/13.0.35
release/13.0.36
release/13.0.37
release/13.0.38
release/13.0.38.1
release/13.0.38.2
release/13.0.39
release/13.0.4
release/13.0.40
release/13.0.41
release/13.0.42
release/13.0.43
release/13.0.44
release/13.0.45
release/13.0.46
release/13.0.47
release/13.0.48
release/13.0.49
release/13.0.5
release/13.0.50
release/13.0.51
release/13.0.52
release/13.0.53
release/13.0.54
release/13.0.55
release/13.0.56
release/13.0.57
release/13.0.58
release/13.0.59
release/13.0.6
release/13.0.60
release/13.0.61
release/13.0.62
release/13.0.63
release/13.0.65
release/13.0.66
release/13.0.67
release/13.0.68
release/13.0.69
release/13.0.7
release/13.0.70
release/13.0.71
release/13.0.72
release/13.0.73
release/13.0.74
release/13.0.75
release/13.0.76
release/13.0.77
release/13.0.78
release/13.0.79
release/13.0.8
release/13.0.80
release/13.0.81
release/13.0.82
release/13.0.83
release/13.0.84
release/13.0.85
release/13.0.86
release/13.0.87
release/13.0.88
release/13.0.89
release/13.0.9
release/13.0.90
release/13.0.91

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19538.json"

Git / github.com/freepbx/framework

Affected ranges

Type
GIT
Repo
https://github.com/freepbx/framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.0.92"
        }
    ]
}

Affected versions

release/12.*
release/12.0.0.0alpha1.0
release/12.0.1alpha1
release/12.0.1alpha10
release/12.0.1alpha11
release/12.0.1alpha12
release/12.0.1alpha13
release/12.0.1alpha14
release/12.0.1alpha16
release/12.0.1alpha17
release/12.0.1alpha18
release/12.0.1alpha19
release/12.0.1alpha2
release/12.0.1alpha20
release/12.0.1alpha21
release/12.0.1alpha22
release/12.0.1alpha23
release/12.0.1alpha24
release/12.0.1alpha25
release/12.0.1alpha26
release/12.0.1alpha27
release/12.0.1alpha28
release/12.0.1alpha29
release/12.0.1alpha3
release/12.0.1alpha30
release/12.0.1alpha31
release/12.0.1alpha32
release/12.0.1alpha4
release/12.0.1alpha5
release/12.0.1alpha7
release/13.*
release/13.0.10
release/13.0.11
release/13.0.12
release/13.0.13
release/13.0.14
release/13.0.15
release/13.0.16
release/13.0.17
release/13.0.18
release/13.0.19
release/13.0.1RC1.20
release/13.0.1RC1.21
release/13.0.1RC1.22
release/13.0.1RC1.23
release/13.0.1RC1.24
release/13.0.1RC1.25
release/13.0.1RC1.26
release/13.0.1RC1.27
release/13.0.1RC1.28
release/13.0.1RC1.30
release/13.0.1alpha10
release/13.0.1alpha11
release/13.0.1alpha12
release/13.0.1alpha14
release/13.0.1alpha15
release/13.0.1alpha16
release/13.0.1alpha17
release/13.0.1alpha18
release/13.0.1alpha19
release/13.0.1alpha2
release/13.0.1alpha20
release/13.0.1alpha21
release/13.0.1alpha22
release/13.0.1alpha23
release/13.0.1alpha24
release/13.0.1alpha25
release/13.0.1alpha26
release/13.0.1alpha27
release/13.0.1alpha28
release/13.0.1alpha29
release/13.0.1alpha3
release/13.0.1alpha30
release/13.0.1alpha31
release/13.0.1alpha32
release/13.0.1alpha33
release/13.0.1alpha34
release/13.0.1alpha35
release/13.0.1alpha36
release/13.0.1alpha37
release/13.0.1alpha38
release/13.0.1alpha39
release/13.0.1alpha4
release/13.0.1alpha40
release/13.0.1alpha41
release/13.0.1alpha42
release/13.0.1alpha43
release/13.0.1alpha44
release/13.0.1alpha45
release/13.0.1alpha46
release/13.0.1alpha47
release/13.0.1alpha48
release/13.0.1alpha49
release/13.0.1alpha5
release/13.0.1alpha50
release/13.0.1alpha51
release/13.0.1alpha52
release/13.0.1alpha53
release/13.0.1alpha54
release/13.0.1alpha55
release/13.0.1alpha56
release/13.0.1alpha57
release/13.0.1alpha58
release/13.0.1alpha59
release/13.0.1alpha6
release/13.0.1alpha60
release/13.0.1alpha61
release/13.0.1alpha62
release/13.0.1alpha63
release/13.0.1alpha64
release/13.0.1alpha65
release/13.0.1alpha66
release/13.0.1alpha67
release/13.0.1alpha68
release/13.0.1alpha69
release/13.0.1alpha7
release/13.0.1alpha8
release/13.0.1alpha9
release/13.0.1beta1
release/13.0.1beta2
release/13.0.1beta3
release/13.0.1beta3.1
release/13.0.1beta3.10
release/13.0.1beta3.11
release/13.0.1beta3.12
release/13.0.1beta3.13
release/13.0.1beta3.14
release/13.0.1beta3.15
release/13.0.1beta3.16
release/13.0.1beta3.17
release/13.0.1beta3.18
release/13.0.1beta3.19
release/13.0.1beta3.2
release/13.0.1beta3.20
release/13.0.1beta3.21
release/13.0.1beta3.22
release/13.0.1beta3.23
release/13.0.1beta3.24
release/13.0.1beta3.25
release/13.0.1beta3.3
release/13.0.1beta3.4
release/13.0.1beta3.5
release/13.0.1beta3.53
release/13.0.1beta3.54
release/13.0.1beta3.55
release/13.0.1beta3.56
release/13.0.1beta3.57
release/13.0.1beta3.58
release/13.0.1beta3.59
release/13.0.1beta3.6
release/13.0.1beta3.60
release/13.0.1beta3.61
release/13.0.1beta3.62
release/13.0.1beta3.63
release/13.0.1beta3.7
release/13.0.1beta3.9
release/13.0.20
release/13.0.22
release/13.0.23
release/13.0.24
release/13.0.25
release/13.0.26
release/13.0.27
release/13.0.28
release/13.0.29
release/13.0.30
release/13.0.31
release/13.0.33
release/13.0.34
release/13.0.35
release/13.0.36
release/13.0.37
release/13.0.38
release/13.0.39
release/13.0.4
release/13.0.41
release/13.0.42
release/13.0.43
release/13.0.44
release/13.0.45
release/13.0.46
release/13.0.47
release/13.0.48
release/13.0.49
release/13.0.5
release/13.0.50
release/13.0.51
release/13.0.52
release/13.0.53
release/13.0.54
release/13.0.55
release/13.0.56
release/13.0.57
release/13.0.58
release/13.0.59
release/13.0.6
release/13.0.60
release/13.0.61
release/13.0.61.1
release/13.0.61.2
release/13.0.61.3
release/13.0.61.4
release/13.0.62
release/13.0.63
release/13.0.64
release/13.0.65
release/13.0.66
release/13.0.67
release/13.0.68
release/13.0.69
release/13.0.7
release/13.0.70
release/13.0.71
release/13.0.72
release/13.0.73
release/13.0.74
release/13.0.76
release/13.0.77
release/13.0.78
release/13.0.79
release/13.0.8
release/13.0.80
release/13.0.81
release/13.0.82
release/13.0.83
release/13.0.84
release/13.0.85
release/13.0.86
release/13.0.87
release/13.0.88
release/13.0.89
release/13.0.9
release/13.0.90
release/13.0.91
release/2.*
release/2.11.0.0
release/2.11.0.0beta1.0
release/2.11.0.0beta1.1
release/2.11.0.0beta1.2
release/2.11.0.0beta1.3
release/2.11.0.0beta1.4
release/2.11.0.0beta1.5
release/2.11.0.0beta2.0
release/2.11.0.0beta2.1
release/2.11.0.0beta2.2
release/2.11.0.0beta2.3
release/2.11.0.0beta2.4
release/2.11.0.0beta2.5
release/2.11.0.0beta2.6
release/2.11.0.0beta2.8
release/2.11.0.0beta2.9
release/2.11.0.0rc1.0
release/2.11.0.0rc1.1
release/2.11.0.0rc1.2
release/2.11.0.0rc1.3
release/2.11.0.0rc1.4
release/2.11.0.0rc1.5
release/2.11.0.0rc1.7
release/2.11.0.1
release/2.11.0.10
release/2.11.0.11
release/2.11.0.2
release/2.11.0.3
release/2.11.0.4
release/2.11.0.5
release/2.11.0.6
release/2.11.0.7
release/2.11.0.8
release/2.11.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19538.json"