CVE-2022-42706 Information

Description

An issue was discovered in Sangoma Asterisk through 16.28 17 and 18 through 18.14 19 through 19.6 and certified through 18.9-cert1. GetConfig via Asterisk Manager Interface allows a connected application to access files outside of the asterisk configuration directory aka Directory Traversal.

Reference

https://downloads.asterisk.org/pub/security/AST-2022-009.html