CVE-2024-49215 Information
Nov 01, 2024
cve
Description
An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and in Certified Asterisk through 18.9-cert5. In manager.c, the manager (AMI) action handlers action_getconfig() and action_getconfigJson() do not sanitize the caller-supplied file path, resulting in a path traversal vulnerability. In versions without the restrictedFile() function, no processing is done on the input path at all. In versions that have restrictedFile(), the function does not account for path traversal sequences, so the input path is still not constrained to the intended directory.
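Added example, not code from Asterisk or from the references below: a constructed deny-list check of the kind the description says does not process the input path, beside a hardened replacement that validates each path component before the file path is built. The function names, the deny list entries and the config directory are assumptions for illustration, not Asterisk's own.

```c
/*
 * Added illustration (not Asterisk code): a filename check that only compares
 * the name as given, next to a hardened check that validates the path before
 * it is joined to the config directory. Names and the deny list are assumed.
 */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed deny list for the example; not taken from Asterisk. */
static const char *const DENIED_NAMES[] = { "manager.conf", "users.conf", NULL };

/* Weak check: compares the caller-supplied name verbatim against a deny list.
 * "manager.conf" is refused, but "../manager.conf" or "x/../../etc/passwd"
 * is not, because no path processing happens before the comparison. */
static bool weak_restricted_file(const char *filename)
{
    for (int i = 0; DENIED_NAMES[i]; i++) {
        if (strcmp(filename, DENIED_NAMES[i]) == 0) {
            return true;
        }
    }
    return false;
}

/* A single acceptable path component: non-empty, not "." or "..",
 * and made only of [A-Za-z0-9._-]. */
static bool valid_component(const char *s, size_t len)
{
    if (len == 0) return false;
    if (len == 1 && s[0] == '.') return false;
    if (len == 2 && s[0] == '.' && s[1] == '.') return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return false;
    }
    return true;
}

/* Hardened check: rejects absolute names and any component that is empty,
 * ".", ".." or contains unexpected characters, applies the deny list to the
 * final component, then builds the path under config_dir. This is a lexical
 * check only: a production caller should still open with O_NOFOLLOW or confirm
 * with realpath() that the opened file sits under config_dir, since symlinks
 * inside the directory are not covered here. */
static bool safe_config_path(const char *config_dir, const char *filename,
                             char *out_path, size_t out_len)
{
    if (!config_dir || !filename || filename[0] == '\0' || filename[0] == '/') {
        return false;
    }
    const char *p = filename;
    const char *last = filename;
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (!valid_component(p, len)) return false;
        last = p;
        if (!slash) break;
        p = slash + 1;
    }
    if (weak_restricted_file(last)) return false; /* deny list on the basename */
    int n = snprintf(out_path, out_len, "%s/%s", config_dir, filename);
    return n > 0 && (size_t)n < out_len;
}

int main(void)
{
    char path[256];
    const char *probes[] = { "extensions.conf", "../manager.conf", "/etc/passwd",
                             "sub/../manager.conf", "manager.conf" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        bool w = weak_restricted_file(probes[i]);
        bool s = safe_config_path("/etc/asterisk", probes[i], path, sizeof path);
        printf("%-22s weak-deny=%d hardened-accept=%d%s%s\n",
               probes[i], w, s, s ? " -> " : "", s ? path : "");
    }
    return 0;
}
```

The weak function shows the gap the description points at: a name-based check that never normalizes or inspects the path lets "../manager.conf" through while refusing "manager.conf". The hardened function refuses anything that is not a plain relative name of allowed components, and only then joins it to the config directory.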
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/asterisk/asterisk/blob/20.5.0/main/manager.c#L3755
https://gist.github.com/hyp164D1/5d68b9b7a504f1416272a825ce65966a
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Base Severity
HIGH