An issue exists in Sangoma Asterisk up to and including 16.28, 17 and 18 up to and including 18.14, 19 up to and including 19.6, and certified up to and including 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sangoma asterisk |
||
sangoma certified asterisk 18.9 |
||
sangoma certified asterisk |
||
sangoma asterisk 20.0.0 |