Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access servic…

CVE-2019-19006 is a critical improper authentication vulnerability in Sangoma FreePBX that allows unauthorized users to bypass password authentication and gain access to FreePBX admin services. This vulnerability enables remote attackers to access administrative functions without proper credentials, potentially leading to complete system compromise. The vulnerability affects the authentication mechanism of FreePBX, a popular open-source PBX system. CISA has documented this vulnerability with a high criticality rating due to the potential for administrative access bypass. The vulnerability was disclosed on November 20, 2019, with documentation available through the FreePBX wiki and the National Vulnerability Database.