Thattotallyrealmyth

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 **Description** Asterisk is a private branch exchange and telephony toolkit. User-controlled values from Cookies and GET query parameters are directly inserted into HTML pages using the `ast str append` function. The `/httpstatus` endpoint is potentially vulnerable. This can lead to the injection of user-supplied data into the HTML output. **Recommendations** Update to Asterisk version 20.7-cert9 or later. Update to Asterisk version 20.18.2 or later. Update to Asterisk version 21.12.1 or later. Update to Asterisk version 22.8.2 or later. Update to Asterisk version 23.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 **Description** The `ast xml open()` function in Asterisk’s xml.c component utilizes libxml with insecure parsing options, specifically enabling entity expansion and XInclude processing. This occurs when invoking `xmlReadFile()` with the XML PARSE NOENT flag, followed by processing XIncludes via `xmlXIncludeProcess()`. If an attacker can provide untrusted or user-supplied XML input, they may be able to trigger a XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. The issue is triggered when the Asterisk process parses XML input supplied by the user. **Recommendations** Update to Asterisk version 20.7-cert9 or later. Update to Asterisk version 20.18.2 or later. Update to Asterisk version 21.12.1 or later. Update to Asterisk version 22.8.2 or later. Update to Asterisk version 23.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 **Description** Asterisk is a private branch exchange and telephony toolkit. A flaw exists where the `ast coredumper` component, when writing gdb init and output files to a world-writable directory, allows a user with write access to that directory to execute arbitrary commands as root or overwrite arbitrary files. This is achieved by controlling the gdb init file and output paths. **Recommendations** Update Asterisk to version 20.7-cert9 or later. Update Asterisk to version 20.18.2 or later. Update Asterisk to version 21.12.1 or later. Update Asterisk to version 22.8.2 or later. Update Asterisk to version 23.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 **Description** The `asterisk/contrib/scripts/ast coredumper` script runs with root privileges. The script sources the `/etc/asterisk/ast debug tools.conf` file, which is located in a directory writable by the asterisk user and group. An attacker with write access to this directory can modify the `/etc/asterisk/ast debug tools.conf` file to include arbitrary bash code. When the root-privileged `ast coredumper` script is executed, it will source and execute this malicious code. The vulnerable script is `ast coredumper`. The vulnerable file is `/etc/asterisk/ast debug tools.conf`. **Recommendations** Update to Asterisk version 20.7-cert9 or later. Update to Asterisk version 20.18.2 or later. Update to Asterisk version 21.12.1 or later. Update to Asterisk version 22.8.2 or later. Update to Asterisk version 23.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** FreePBX versions prior to 16.0.45 FreePBX versions prior to 17.0.24 **Description** FreePBX is a web-based graphical user interface for managing Asterisk. A local privilege escalation exists in the deprecated FreePBX startup script `amportal` in versions prior to 16.0.45 and 17.0.24. The `amportal` utility searches for the `freepbx engine` file in `/etc/asterisk/` directories, which are typically writable by the `asterisk` user and members of the `asterisk` group. An attacker who is a member of the `asterisk` group can place a malicious `freepbx engine` file in `/etc/asterisk/`, which will then be executed with root privileges when `amportal` runs. The `System()` and `FILE()` functions are examples of Asterisk dial plan applications and functions that can potentially manipulate the file system. **Recommendations** FreePBX versions prior to 16.0.45 should be updated to version 16.0.45 or later. FreePBX versions prior to 17.0.24 should be updated to version 17.0.24 or later. Confirm only trusted local OS system users are members of the `asterisk` group. Look for suspicious files in the `/etc/asterisk/` directory via the Admin -> Config Edit interface in the GUI, or via the command line interface. Double-check that `live dangerously = no` is set (or unconfigured, as the default is 'no') in the `/etc/asterisk/asterisk.conf` file. Eliminate any unsafe custom use of Asterisk dial plan applications and functions that potentially can manipulate the file system, such as `System()` and `FILE()`.