Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-42706
HistoryDec 05, 2022 - 12:00 a.m.

CVE-2022-42706

2022-12-0500:00:00
ubuntu.com
ubuntu.com
17

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.4%

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18
through 18.14, 19 through 19.6, and certified through 18.9-cert1.
GetConfig, via Asterisk Manager Interface, allows a connected application
to access files outside of the asterisk configuration directory, aka
Directory Traversal.

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.4%