CVE-2024-42365

Source: ubuntu.com (Ubuntu CVE tracker record UB:CVE-2024-42365)
Published: Aug 08, 2024 - 12:00 a.m. (2024-08-08 00:00:00)
Tags: asterisk, pbx, ami user, configuration files, privilege escalation, remote code execution, server-side request forgery, version 18.24.2, version 20.9.2, version 21.4.2, version 18.9-cert11, version 20.7-cert2

CVSS3: 7.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
AI Score: 8.3 (Confidence: High)
EPSS: 0.002 (Percentile: 59.1%)

Asterisk is an open source private branch exchange (PBX) and telephony
toolkit. Prior to Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and
certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with
write=originate may change all configuration files in the
/etc/asterisk/ directory. This is possible because such a user can curl
remote files and write them to disk, and can also append to
existing files using the FILE function inside the SET application. This
issue may result in privilege escalation, remote code execution and/or
blind server-side request forgery with an arbitrary protocol. Asterisk
versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions
18.9-cert11 and 20.7-cert2 contain a fix for this issue.
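A defender-side check for this advisory, added here as an example and not taken from the advisory or the Asterisk project: it flags manager.conf accounts whose write permission includes originate (the permission the advisory names, or all, which implies it) and compares an Asterisk version string against the fixed releases listed above. The manager.conf excerpt is constructed sample input.

```python
# Added example (not from the advisory or the Asterisk project): flag AMI accounts
# with write=originate and check a version string against the advisory's fixed releases.
import re

FIXED = {"18": (18, 24, 2), "20": (20, 9, 2), "21": (21, 4, 2)}   # asterisk
FIXED_CERT = {"18": (18, 9, 11), "20": (20, 7, 2)}               # certified-asterisk

def version_status(ver: str) -> str:
    """'vulnerable', 'fixed' or 'unlisted' for '20.9.1' / '18.9-cert10' style strings."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+)|-cert(\d+))", ver)
    if not m:
        raise ValueError(f"unrecognised Asterisk version: {ver}")
    major, minor, patch, cert = m.groups()
    table = FIXED_CERT if cert is not None else FIXED
    if major not in table:
        return "unlisted"          # branch not named in the advisory
    parts = (int(major), int(minor), int(patch if patch is not None else cert))
    return "vulnerable" if parts < table[major] else "fixed"

def risky_ami_users(manager_conf: str) -> list:
    """AMI accounts whose 'write' list contains originate, or all (which implies it)."""
    sections, name = {}, None
    for raw in manager_conf.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment in manager.conf
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            sections.setdefault(name, {})
        elif name and "=" in line:
            key, _, value = line.partition("=")
            sections[name][key.strip().lower()] = value.strip()
    flagged = []
    for name, opts in sections.items():
        perms = {p.strip().lower() for p in opts.get("write", "").split(",")}
        if name != "general" and perms & {"originate", "all"}:
            flagged.append(name)
    return flagged

# Constructed sample manager.conf; [general] is the daemon section, not an account.
SAMPLE_MANAGER_CONF = """\
[general]
enabled = yes
[monitor]          ; read-only dashboard account, not flagged
read = system,call
write =
[dialer]           ; may place calls, so it has the permission this advisory concerns
write = originate,call
[admin]
write = all
"""
```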
