Debian Security Bug Tracker: DEBIANCVE:CVE-2022-42706
History: Dec 05, 2022 - 9:15 p.m.

CVE-2022-42706

2022-12-05 21:15:10
Debian Security Bug Tracker
security-tracker.debian.org
sangoma
asterisk
unauthorized access

CVSS3: 4.9 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002 Low
EPSS Percentile: 51.5%

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | asterisk | < 1:16.28.0~dfsg-0+deb11u2 | asterisk_1:16.28.0~dfsg-0+deb11u2_all.deb |
| Debian | 10 | all | asterisk | < 1:16.28.0~dfsg-0+deb10u2 | asterisk_1:16.28.0~dfsg-0+deb10u2_all.deb |
| Debian | 999 | all | asterisk | < 1:20.0.1~dfsg+~cs6.12.40431414-1 | asterisk_1:20.0.1~dfsg+~cs6.12.40431414-1_all.deb |
