Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability affects Sangoma Switchvox SMB Edition, a type of VoIP and PBX system. An unauthenticated attacker could exploit this to run unauthorized commands on the system by sending a specially crafted request. The main concern is confirming if this specific system is in use and exposed.
- Unauthenticated attackers can run commands.
- Vital for verifying system exposure and relevance.
- Ensure internal systems are not accessible externally.
Attack Path
How an attacker could exploit the issue
An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted request to the `/pa` endpoint. This endpoint processes XML content and is susceptible to SQL injection because it concatenates user-controlled data directly into database queries without proper sanitization. Successfully triggering this vulnerability allows an attacker to execute arbitrary SQL commands on the backend database.
- No authentication or user interaction is required.
- A crafted XML request to the `/pa` endpoint triggers it.
- Risk includes arbitrary SQL execution and potential code execution.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL statements against the backend PostgreSQL database. This is possible when the /pa endpoint processes XML content and directly concatenates user-controlled input into database queries without proper sanitization. This could lead to database operations and potentially remote code execution when supported by the advisory.
- PostgreSQL database is at risk.
- Unauthenticated network requests can exploit it.
- Database compromise or code execution.
Operational Fix
Recommended remediation, mitigation, and detection steps
This critical SQL injection vulnerability in Sangoma Switchvox SMB Edition affects the /pa endpoint, allowing unauthenticated remote attackers to execute arbitrary SQL statements. Given the product's role as a communication platform, the first practical step is to identify all instances, confirm their network exposure and business criticality, and then engage the accountable owner to prioritize remediation, which may involve vendor coordination or temporary risk reduction measures.
- Identify affected systems and owners.
- Verify network reachability and criticality.
- Plan remediation based on risk.