
CVE-2022-42706

Published: 05/12/2022 Updated: 24/02/2023
CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

An issue exists in Sangoma Asterisk up to and including 16.28, 17 and 18 up to and including 18.14, 19 up to and including 19.6, and certified up to and including 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.

Vulnerable Product

sangoma asterisk

sangoma certified asterisk 18.9

sangoma certified asterisk

sangoma asterisk 20.0.0

Vendor Advisories

Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in version 1:16280~dfsg-0+d ...