CVE-2026-45362: CWE-312 Cleartext Storage of Sensitive Information in Sangoma Switchvox
CVE-2026-45362 is a vulnerability in Sangoma Switchvox versions before 8. 4 where SIP authentication credentials are stored in cleartext within backup files. This cleartext storage of sensitive information could potentially expose credentials if backup files are accessed by unauthorized parties. The vulnerability has a low severity rating and a CVSS score of 3. 2, indicating limited impact and requiring local access with high attack complexity to exploit. No official patch or remediation guidance is currently provided by the vendor, and no known exploits are reported in the wild.
AI Analysis
Technical Summary
Sangoma Switchvox before version 8.4 stores SIP authentication credentials in cleartext in backup files, constituting a CWE-312 vulnerability. This improper storage of sensitive information could lead to credential exposure if backup files are compromised. The CVSS 3.1 score is 3.2 (low), with an attack vector requiring local access, high complexity, no privileges, and no user interaction. The vulnerability affects confidentiality but not integrity or availability. No official fix or patch has been documented as of the publication date.
Potential Impact
The impact is limited to potential disclosure of SIP authentication credentials through backup files stored in cleartext. This could allow an attacker with local access to the system and access to backup files to obtain sensitive credentials. There is no impact on system integrity or availability. The low CVSS score reflects the limited scope and difficulty of exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to backup files to trusted administrators only and secure backup storage locations to prevent unauthorized access. Monitor vendor communications for updates regarding patches or official mitigations.
CVE-2026-45362: CWE-312 Cleartext Storage of Sensitive Information in Sangoma Switchvox
Description
CVE-2026-45362 is a vulnerability in Sangoma Switchvox versions before 8. 4 where SIP authentication credentials are stored in cleartext within backup files. This cleartext storage of sensitive information could potentially expose credentials if backup files are accessed by unauthorized parties. The vulnerability has a low severity rating and a CVSS score of 3. 2, indicating limited impact and requiring local access with high attack complexity to exploit. No official patch or remediation guidance is currently provided by the vendor, and no known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Sangoma Switchvox before version 8.4 stores SIP authentication credentials in cleartext in backup files, constituting a CWE-312 vulnerability. This improper storage of sensitive information could lead to credential exposure if backup files are compromised. The CVSS 3.1 score is 3.2 (low), with an attack vector requiring local access, high complexity, no privileges, and no user interaction. The vulnerability affects confidentiality but not integrity or availability. No official fix or patch has been documented as of the publication date.
Potential Impact
The impact is limited to potential disclosure of SIP authentication credentials through backup files stored in cleartext. This could allow an attacker with local access to the system and access to backup files to obtain sensitive credentials. There is no impact on system integrity or availability. The low CVSS score reflects the limited scope and difficulty of exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to backup files to trusted administrators only and secure backup storage locations to prevent unauthorized access. Monitor vendor communications for updates regarding patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-05-12T00:40:57.663Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a028743cbff5d86108b5061
Added to database: 5/12/2026, 1:49:55 AM
Last enriched: 5/12/2026, 1:51:16 AM
Last updated: 5/12/2026, 2:53:46 AM
Views: 64
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.