Skip to main content

Freeswitch CVE-2019-19492

CRITICAL
Use of Hard-coded Credentials (CWE-798)
2019-12-02 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 02, 2019 - 02:15 nvd
CRITICAL 9.8

DescriptionNVD

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

AnalysisAI

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Affected products include: Freeswitch. Version information: through 1.10.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2015-7392 HIGH POC
7.5 Oct 05

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x

CVE-2021-41158 HIGH POC
7.5 Oct 26

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to

CVE-2021-41145 HIGH POC
7.5 Oct 25

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to

CVE-2021-41105 HIGH POC
7.5 Oct 25

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to

CVE-2021-37624 HIGH POC
7.5 Oct 25

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to

CVE-2021-36513 HIGH POC
7.5 Oct 18

An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may all

CVE-2018-19911 HIGH POC
7.5 Dec 06

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api

CVE-2013-2238 MEDIUM POC
6.8 Sep 30

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote a

CVE-2023-40019 MEDIUM POC
6.5 Sep 15

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to

CVE-2023-51443 MEDIUM POC
5.9 Dec 27

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to

CVE-2026-49841 CRITICAL
9.8 Jun 09

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt

CVE-2021-41157 MEDIUM POC
5.3 Oct 26

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to

Share

CVE-2019-19492 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy