CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
59.1%
Asterisk is an open source private branch exchange (PBX) and telephony
toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and
certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with
write=originate
may change all configuration files in the
/etc/asterisk/
directory. This occurs because they are able to curl
remote files and write them to disk, but are also able to append to
existing files using the FILE
function inside the SET
application. This
issue may result in privilege escalation, remote code execution and/or
blind server-side request forgery with arbitrary protocol. Asterisk
versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions
18.9-cert11 and 20.7-cert2 contain a fix for this issue.
github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71 (releases/21)
github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993 (releases/20)
github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2 (releases/18)
github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
launchpad.net/bugs/cve/CVE-2024-42365
nvd.nist.gov/vuln/detail/CVE-2024-42365
security-tracker.debian.org/tracker/CVE-2024-42365
www.cve.org/CVERecord?id=CVE-2024-42365