Overview
- Description
- An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. In manager.c, the functions action_getconfig() and action_getconfigJson() do not process the input file path, resulting in a path traversal vulnerability. In versions without the restrictedFile() function, no processing is done on the input path. In versions with the restrictedFile() function, path traversal is not processed.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
CVE-2024-49215 Path Traversal Vulnerability in Sangoma Asterisk Across Multiple Versions A vulnerability was found in Sangoma Asterisk versions up to 18.20.0, 19.x and 20.x up to 20.5.0, and 21.x up to 21.0.0, as... https://t.co/KFmfq5uEwP
@VulmonFeeds
21 Oct 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49215 An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. In mana… https://t.co/HyGVmfmidl
@CVEnew
21 Oct 2024
75 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BFD0CA0-BFF0-4EF4-88D4-E8FAD0136484",
"versionEndIncluding": "18.20.0"
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A39CF22-38A4-4821-B520-EEC0D8B597DF",
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "19.0.0"
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:21.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A79517D4-22AC-4C30-9F30-44EF6688817E"
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B71A493F-F47B-4F19-AD21-3800DE63DF5A",
"versionEndExcluding": "18.9"
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E"
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD3BBA39-95EC-462F-8F5A-15E8D07CC804"
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042"
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C"
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B"
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1"
}
],
"operator": "OR"
}
]
}
]