CNNVD-202602-909 Information
CNNVD ID
CNNVD-202602-909
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
Asterisk是Asterisk开源的一款PBX系统的软件,运行在Linux系统上,支持使用SIP、IAX、H323协议进行IP通话。 Asterisk 20.7-cert9之前版本、20.18.2之前版本、21.12.1之前版本、22.8.2之前版本和23.2.2之前版本存在代码问题漏洞,该漏洞源于ast_coredumper脚本加载可被修改的配置文件,可能导致执行任意bash代码。
Description (English)
Asterisk is a software for the Asterisk open source of the PBX system, which operates on the Linux system and supports IP calls using the SIP, IAX, H323 protocols. Before Asteristk 20.7-cert9 and before 20.18.2, before 21.12.1, before 22.8.2 and before 23.2.2, there was a code problem loophole, which originated from the ast creditumper script loading a modified configuration document that could lead to the implementation of any bash code.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Asterisk
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3 https://access.redhat.com/security/cve/cve-2026-23741
Patch
https://github.com/asterisk/asterisk/releases
Share on: