CVE-2026-46515
mwtcmi · frogman
A missing authorization vulnerability in mwtcmi frogman allows authenticated users with low-level permissions to access sensitive system secrets and execute unauthorized administrative commands.
Executive summary
An authenticated missing authorization vulnerability in mwtcmi frogman enables low-privileged users to exfiltrate critical system credentials and execute administrative functions.
Vulnerability
The application fails to perform adequate authorization checks for multiple API functions, allowing users with PERM_READ access to invoke sensitive endpoints. This flaw exposes sensitive data, including Asterisk dialplan contexts, SSH commands, and raw SIP credentials.
Business impact
The exploitation of this vulnerability allows unauthorized access to sensitive configuration and authentication data. With a CVSS score of 9.3, the impact is critical: it facilitates full system compromise, potential lateral movement within the telephony infrastructure, and the exposure of proprietary communication data.
Remediation
Immediate Action: Upgrade mwtcmi frogman to version 1.6.3 or later to apply the necessary authorization checks.
Proactive Monitoring: Review access logs for unusual patterns of API calls, specifically monitoring for repeated invocations of administrative functions by low-privileged user accounts.
Compensating Controls: Implement strict network segmentation to limit access to the frogman API to known, trusted management workstations only.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The severity of this vulnerability necessitates immediate action. Administrators must prioritize updating to version 1.6.3 to close the authorization gap and prevent the exfiltration of sensitive credentials and configuration data.