Thattotallyrealmyth

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 **Description** Asterisk is a private branch exchange and telephony toolkit. User-controlled values from Cookies and GET query parameters are directly inserted into HTML pages using the `ast str append` function. The `/httpstatus` endpoint is potentially vulnerable. This can lead to the injection of user-supplied data into the HTML output. **Recommendations** Update to Asterisk version 20.7-cert9 or later. Update to Asterisk version 20.18.2 or later. Update to Asterisk version 21.12.1 or later. Update to Asterisk version 22.8.2 or later. Update to Asterisk version 23.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 **Description** The `ast xml open()` function in Asterisk’s xml.c component utilizes libxml with insecure parsing options, specifically enabling entity expansion and XInclude processing. This occurs when invoking `xmlReadFile()` with the XML PARSE NOENT flag, followed by processing XIncludes via `xmlXIncludeProcess()`. If an attacker can provide untrusted or user-supplied XML input, they may be able to trigger a XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. The issue is triggered when the Asterisk process parses XML input supplied by the user. **Recommendations** Update to Asterisk version 20.7-cert9 or later. Update to Asterisk version 20.18.2 or later. Update to Asterisk version 21.12.1 or later. Update to Asterisk version 22.8.2 or later. Update to Asterisk version 23.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 **Description** Asterisk is a private branch exchange and telephony toolkit. A flaw exists where the `ast coredumper` component, when writing gdb init and output files to a world-writable directory, allows a user with write access to that directory to execute arbitrary commands as root or overwrite arbitrary files. This is achieved by controlling the gdb init file and output paths. **Recommendations** Update Asterisk to version 20.7-cert9 or later. Update Asterisk to version 20.18.2 or later. Update Asterisk to version 21.12.1 or later. Update Asterisk to version 22.8.2 or later. Update Asterisk to version 23.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 **Description** The `asterisk/contrib/scripts/ast coredumper` script runs with root privileges. The script sources the `/etc/asterisk/ast debug tools.conf` file, which is located in a directory writable by the asterisk user and group. An attacker with write access to this directory can modify the `/etc/asterisk/ast debug tools.conf` file to include arbitrary bash code. When the root-privileged `ast coredumper` script is executed, it will source and execute this malicious code. The vulnerable script is `ast coredumper`. The vulnerable file is `/etc/asterisk/ast debug tools.conf`. **Recommendations** Update to Asterisk version 20.7-cert9 or later. Update to Asterisk version 20.18.2 or later. Update to Asterisk version 21.12.1 or later. Update to Asterisk version 22.8.2 or later. Update to Asterisk version 23.2.2 or later.

**Nome do Software Vulnerável e Versões Afetadas** Versões do FreePBX anteriores à 16.0.45 Versões do FreePBX anteriores à 17.0.24 **Descrição** O FreePBX é uma interface gráfica de usuário baseada na web para gerenciar o Asterisk. Existe uma vulnerabilidade de escalonamento de privilégio local no script de inicialização obsoleto do FreePBX, `amportal`, em versões anteriores à 16.0.45 e 17.0.24. O utilitário `amportal` busca pelo arquivo `freepbx engine` nos diretórios `/etc/asterisk/`, que são tipicamente graváveis pelo usuário `asterisk` e membros do grupo `asterisk`. Um atacante que seja membro do grupo `asterisk` pode inserir um arquivo `freepbx engine` malicioso em `/etc/asterisk/`, o qual será então executado com privilégios de root quando o `amportal` for executado. As funções `System()` e `FILE()` são exemplos de aplicações e funções do plano de discagem do Asterisk que podem potencialmente manipular o sistema de arquivos. **Recomendações** Versões do FreePBX anteriores à 16.0.45 devem ser atualizadas para a versão 16.0.45 ou posterior. Versões do FreePBX anteriores à 17.0.24 devem ser atualizadas para a versão 17.0.24 ou posterior. Confirme se apenas usuários confiáveis do sistema operacional local são membros do grupo `asterisk`. Busque por arquivos suspeitos no diretório `/etc/asterisk/` através da interface Admin -> Config Edit na GUI, ou via interface de linha de comando. Certifique-se de que `live dangerously = no` esteja definido (ou não configurado, pois o padrão é 'no') no arquivo `/etc/asterisk/asterisk.conf`. Elimine qualquer uso personalizado inseguro de aplicações e funções do plano de discagem do Asterisk que possam potencialmente manipular o sistema de arquivos, como `System()` e `FILE()`.