NVD:CVE-2022-42706
Dec 05, 2022 - 9:15 p.m.

CVE-2022-42706

2022-12-05 21:15:10
CWE-22
web.nvd.nist.gov
sangoma
asterisk
directory traversal

CVSS3: 4.9 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002 Low
Percentile: 51.5%

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.

Affected configurations

NVD
Node
sangoma asterisk, Range: 16.0.0 to 16.29.1
OR
sangoma asterisk, Range: 17.0.0 to 18.15.1
OR
sangoma asterisk, Range: 19.0.0 to 19.7.1
OR
sangoma asterisk, Match: 20.0.0
OR
sangoma certified_asterisk, Range: < 18.9
OR
sangoma certified_asterisk, Match: 18.9cert1
