Severity by source
AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
AnalysisAI
Sangoma Switchvox before version 8.4 stores SIP authentication credentials in cleartext within backup files, allowing local attackers with physical or filesystem access to recover credentials with low complexity. This information disclosure vulnerability affects systems using the default backup functionality and has a publicly documented proof-of-concept exploit available on GitHub.
Technical ContextAI
Sangoma Switchvox is a VoIP PBX system that uses the Session Initiation Protocol (SIP) for call signaling and authentication. The vulnerability stems from improper credential handling during backup file generation - specifically, the backup archive (.svb files based on POC repository naming) retains SIP authentication credentials in plaintext format rather than encrypting or redacting them. CWE-312 (Cleartext Storage of Sensitive Information) classifies this root cause: sensitive data (authentication credentials) is persisted to storage media without encryption. An attacker with access to backup files can trivially extract these credentials and impersonate legitimate SIP endpoints or authenticate as system users.
RemediationAI
Vendor-released patch: Upgrade Sangoma Switchvox to version 8.4 or later, which remediates cleartext credential storage in backups. For organizations unable to immediately upgrade, implement compensating controls: restrict filesystem access to backup directories using operating system-level permissions (limit to backup service account only, remove world-readable bits); encrypt backup files using AES-256 or equivalent at rest using the host OS or backup software encryption (trade-off: increases CPU overhead during backup/restore, requires secure key management); disable automated backups temporarily and perform manual encrypted backups to isolated, air-gapped storage; regularly audit backup file permissions and access logs using tools like auditd (Linux) or Windows File Auditing to detect unauthorized access. If backups are transported over the network, enforce TLS 1.2+ for all transfers. For existing backups created before patching, regenerate them after upgrading to avoid lingering exposure. See Sangoma advisory at https://github.com/sangoma/security-switchvox/security/advisories/GHSA-mfm3-g35x-c9w8 for detailed patching instructions.
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29354
GHSA-cxjw-p2qh-7hv8