Hyp164D1

#12187of 53,634
22.5Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2025-5774
9.8
2025-02-05
Asterisk · Asterisk · CVE-2024-57520
Name of the Vulnerable Software and Affected Versions: Asterisk version 22 Description: The issue allows a remote attacker to execute arbitrary code via the `action createconfig` function. This is due to an insecure permissions vulnerability. Recommendations: For Asterisk version 22, as a temporary workaround, consider disabling the `action createconfig` function until a patch is available. Restrict access to the affected function to minimize the risk of exploitation.
PT-2024-35778
7.2
2024-12-02
Freepbx · Freepbx · CVE-2024-53564
**Name of the Vulnerable Software and Affected Versions** FreePBX version 17.0.19.17 **Description** A vulnerability was discovered in FreePBX, allowing high-privilege administrators to insert unwanted files due to a lack of verification of the type of uploaded files. This issue can be exploited for remote code execution. The vulnerability requires authentication, which may lower its priority, but it still needs to be addressed. **Recommendations** For FreePBX version 17.0.19.17, patch immediately and review uploaded files for malicious content. Additionally, audit admin access to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the `/module admin/upload.php` endpoint until a patch is available.
PT-2024-35779
5.5
2024-12-02
Sangoma · Asterisk · CVE-2024-53566
**Name of the Vulnerable Software and Affected Versions** Sangoma Asterisk versions 22.0.0-pre1 through 22.0.0-rc2 **Description** The issue is related to the `action listcategories()` function, which allows attackers to execute a path traversal. This could potentially lead to unauthorized access to sensitive files or directories. **Recommendations** For Sangoma Asterisk version 22.0.0-pre1, consider disabling the `action listcategories()` function until a patch is available. For Sangoma Asterisk version 22.0.0-rc1, restrict access to the `action listcategories()` function to minimize the risk of exploitation. For Sangoma Asterisk version 22.0.0-rc2, avoid using the `action listcategories()` function in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.