NVD disclosure day

Published threat advisories for November 21, 2019

CVE-2019-19006

Sangoma FreePBX Authentication Bypass Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Certain Sangoma FreePBX versions have an access control flaw enabling unauthorized access. This could lead to data compromise or service disruption, posing a business risk.

NVD published: November 21, 2019 • CISA KEV

CVE advisoryKnown Exploit

CVE-2019-6693

FortiOS Configuration Data Exposure

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability exists in FortiOS configuration backups, allowing attackers with file access to decipher sensitive data like user passwords using a hard-coded key. This impacts organizations by exposing credentials and configurations.

NVD published: November 21, 2019 • CISA KEV