Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk before 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk before 18.9-cert6, contain a fix for this issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sangoma certified asterisk 18.9 |
||
sangoma certified asterisk 13.13.0 |
||
sangoma certified asterisk 16.8.0 |
||
digium asterisk 21.0.0 |
||
digium asterisk |