PT-2026-6749 · Asterisk · Asterisk
Thattotallyrealmyth · Published 2026-01-01 · Updated 2026-02-06
CVE-2026-23740
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Asterisk versions prior to 20.7-cert9
Asterisk versions prior to 20.18.2
Asterisk versions prior to 21.12.1
Asterisk versions prior to 22.8.2
Asterisk versions prior to 23.2.2
Description
Asterisk is a private branch exchange and telephony toolkit. A flaw exists where the ast_coredumper component, when writing gdb init and output files to a world-writable directory, allows a user with write access to that directory to execute arbitrary commands as root or overwrite arbitrary files. This is achieved by controlling the gdb init file and output paths.
Recommendations
Update Asterisk to version 20.7-cert9 or later.
Update Asterisk to version 20.18.2 or later.
Update Asterisk to version 21.12.1 or later.
Update Asterisk to version 22.8.2 or later.
Update Asterisk to version 23.2.2 or later.
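The description turns on a root-run script writing its gdb init and output files into a directory other users can write to. As an added example (not Asterisk's code and not the upstream fix), the shell functions below check whether a directory is safe for that purpose, create a private work directory inside a shared one, and refuse to write through an existing file or symlink. The function names, the `coredump-work` prefix and the `gdbinit` file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Asterisk code. File and function names are constructed.

# True only if $1 is a real directory (not a symlink), owned by the current
# user, and not writable by group or others.
dir_is_safe() {
    [ -n "$(find "$1" -prune -type d -user "$(id -u)" \
        ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Create a mode-0700 directory with an unpredictable name under base dir $1
# and print its path. mktemp -d fails rather than reuse an existing entry.
make_private_workdir() {
    ( umask 077; mktemp -d "$1/coredump-work.XXXXXX" )
}

# Write stdin to $1 only if nothing exists there yet. noclobber (set -C) makes
# the redirection fail on an existing file or a pre-planted symlink.
write_new_file() {
    ( set -C; umask 077; cat > "$1" ) 2>/dev/null
}

# Demo on a constructed layout: a sticky, world-writable directory standing in
# for the shared location described in the advisory.
demo() {
    shared=$(mktemp -d) || return 1
    chmod 1777 "$shared"
    dir_is_safe "$shared" && echo "shared dir: safe" || echo "shared dir: NOT safe"
    work=$(make_private_workdir "$shared") || return 1
    dir_is_safe "$work" && echo "work dir: safe" || echo "work dir: NOT safe"
    printf 'set pagination off\n' | write_new_file "$work/gdbinit" &&
        echo "gdbinit written"
    printf 'other\n' | write_new_file "$work/gdbinit" ||
        echo "second write refused"
    rm -rf "$shared"
}
demo
```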
Exploit
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk