Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-42706
HistoryDec 05, 2022 - 9:15 p.m.

CVE-2022-42706

2022-12-0521:15:10
Debian Security Bug Tracker
security-tracker.debian.org
13

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.4%

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.

OSVersionArchitecturePackageVersionFilename
Debian11allasterisk< 1:16.28.0~dfsg-0+deb11u2asterisk_1:16.28.0~dfsg-0+deb11u2_all.deb
Debian10allasterisk< 1:16.28.0~dfsg-0+deb10u2asterisk_1:16.28.0~dfsg-0+deb10u2_all.deb
Debian999allasterisk< 1:20.0.1~dfsg+~cs6.12.40431414-1asterisk_1:20.0.1~dfsg+~cs6.12.40431414-1_all.deb

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.4%