Sangoma · Asterisk · CVE-2022-42706
**Name of the Vulnerable Software and Affected Versions**
Sangoma Asterisk versions 16.28 and earlier, 17, 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1
**Description**
An issue was discovered in Sangoma Asterisk that allows a connected application to access files outside of the Asterisk configuration directory via the Asterisk Manager Interface (AMI). The affected path is the GetConfig function, and the result is a directory traversal issue.
**Recommendations**
For versions 16.28 and earlier, 17, 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1, consider restricting access to the GetConfig function via the Asterisk Manager Interface until a patch is available.
As a temporary workaround, consider disabling the Asterisk Manager Interface to minimize the risk of exploitation.
Restrict access to sensitive files and directories to prevent unauthorized access.
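
The first recommendation can be checked against an existing configuration. The following is an added example, not code from Sangoma or the Asterisk project: it audits a `manager.conf` for AMI accounts that are still able to call GetConfig and for a listener bound to all interfaces. It assumes GetConfig is authorized by the `system` or `config` write class (or `all`); the sample file and its section names are constructed.

```python
# Constructed sample manager.conf; section names and values are illustrative.
SAMPLE = """\
[general]
enabled = yes
bindaddr = 0.0.0.0

[monitoring]
write = call,reporting

[provisioning]
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
write = system,config,originate

[legacy]
write = all
"""

# Assumption: GetConfig is authorized by the system or config class (or all).
GETCONFIG_CLASSES = {"system", "config", "all"}
def parse_manager_conf(text):
    """Parse Asterisk-style config text into {section: {key: [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.lstrip(">").strip())
    return sections

def audit(text):
    """Return (section, finding) pairs for settings that leave GetConfig reachable."""
    sections = parse_manager_conf(text)
    general = sections.pop("general", {})
    findings = []
    enabled = general.get("enabled", ["no"])[-1].lower() in ("yes", "true", "1", "on")
    bind = general.get("bindaddr", ["0.0.0.0"])[-1]
    if enabled and bind in ("0.0.0.0", "::"):
        findings.append(("general", f"AMI enabled on all interfaces ({bind})"))
    for user, opts in sections.items():
        write = {c.strip().lower() for v in opts.get("write", []) for c in v.split(",")}
        hit = sorted(write & GETCONFIG_CLASSES)
        if hit:
            acl = "permit ACL set" if "permit" in opts else "no permit ACL"
            findings.append((user, f"GetConfig allowed via write={','.join(hit)}; {acl}"))
    return findings

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Accounts that are flagged but do need configuration access are the ones to prioritize for upgrade and for `permit`/`deny` restrictions; an empty result means no configured account holds a class that reaches GetConfig.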