Adam Pointon

**Name of the Vulnerable Software and Affected Versions** Asterisk versions 1.0.9 through 1.2.0-beta1 **Description** The issue allows remote attackers to access WAV files via a .. (dot dot) in the `folder` parameter of the vmail.cgi. This is a directory traversal vulnerability. **Recommendations** For Asterisk versions 1.0.9 through 1.2.0-beta1, consider restricting access to the vmail.cgi to minimize the risk of exploitation. As a temporary workaround, avoid using the `folder` parameter in the vmail.cgi until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.