2 matches found
CVE-2026-23741 ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/astcoredumper runs as root, as noted by the NOTES tag on line 689 of the astcoredumper file. The script will source the conten...
PT-2025-51351
Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.45 FreePBX versions prior to 17.0.24 Description FreePBX is a web-based graphical user interface for managing Asterisk. A local privilege escalation exists in the deprecated FreePBX startup script amportal in...