Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3559 — Path Traversal in Asterisk

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

5.5%

top 9.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedNov 16

Latest updateMay 1

Description

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.2.7.1.dfsg-2 (bullseye)

▶Debiandigium/asterisk< 1:1.2.7.1.dfsg-2

▶NVDdigium/asterisk33 versions+32

🔴Vulnerability Details

GHSA

GHSA-429c-7p43-rw2j: Directory traversal vulnerability in vmail↗2022-05-01

▶

OSV

CVE-2005-3559: Directory traversal vulnerability in vmail↗2005-11-16

▶

💥Exploits & PoCs

Exploit-DB

Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access↗2005-11-07

▶

📋Vendor Advisories

Debian

CVE-2005-3559: asterisk - Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-b...↗2005

▶