cbcvebase.
CVE-2022-42706
published 2022-12-05

Priority: P427
Severity: medium, 4.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.09% (61.4th percentile)

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:16.28.0~dfsg-0+deb11u2 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u2 (bullseye) |
| sangoma | asterisk | | |
| sangoma | asterisk | >= 0 < 1:16.28.0~dfsg-0+deb11u2 | 1:16.28.0~dfsg-0+deb11u2 |
| sangoma | asterisk | >= 16.0.0 < 16.29.1 | 16.29.1 |
| sangoma | asterisk | >= 17.0.0 < 18.15.1 | 18.15.1 |
| sangoma | asterisk | >= 19.0.0 < 19.7.1 | 19.7.1 |
| sangoma | certified_asterisk | < 18.9 | 18.9 |
| sangoma | certified_asterisk | | |

CVSS provenance

nvd: v3.1, 4.9 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
osv: 4.9 MEDIUM
vendor_debian: 4.9 MEDIUM