PT-2022-26511 · Sangoma · Asterisk
Shawty
Published 2022-12-05 · Updated 2025-02-13
CVE-2022-42706
CVSS v3.1: 4.9 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Sangoma Asterisk versions 16.28 and earlier, 17, 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1
Description
An issue was discovered in Sangoma Asterisk: the GetConfig action of the Asterisk Manager Interface (AMI) does not confine the requested filename to the Asterisk configuration directory, so a connected application can read files outside of it (directory traversal). Exploitation requires an authenticated AMI session whose account holds the config read permission that GetConfig demands, which is why the vector carries PR:H; the impact is confidentiality only (C:H/I:N/A:N), limited to files the Asterisk process itself can read.
Recommendations
For versions 16.28 and earlier, 17, 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1, restrict which AMI accounts can issue GetConfig until the installation is upgraded to a fixed release: in manager.conf, remove config (and the blanket all) from the read= permission list of every account that does not need to read configuration, and use permit=/deny= so each account is only accepted from the hosts that legitimately use it.
As a temporary workaround, disable the Asterisk Manager Interface (enabled=no in the [general] section of manager.conf) if nothing depends on it, or at least bind it to localhost (bindaddr=127.0.0.1) so it is not reachable from the network.
Run Asterisk as an unprivileged user and restrict file-system access to sensitive files and directories, so that a traversal through GetConfig can only expose what that account is allowed to read.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Asterisk