3 matches found
CVE-2026-23741 ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/astcoredumper runs as root, as noted by the NOTES tag on line 689 of the astcoredumper file. The script will source the conten...
PT-2025-51351
Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.45 FreePBX versions prior to 17.0.24 Description FreePBX is a web-based graphical user interface for managing Asterisk. A local privilege escalation exists in the deprecated FreePBX startup script amportal in...
ASTPP VoIP 4.0.1 - Remote Code Execution
ASTPP VoIP 4.0.1 - Remote Code Execution Exploit Title: ASTPP VoIP 4.0.1 - Remote Code Execution Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script...