CVE-2024-53566 — Path Traversal in Asterisk

CWE-22 — Path Traversal4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 84.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sangoma Asterisk Debian Asterisk Debian Linux

Timeline

PublishedDec 2

Description

An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debiansangoma/asterisk< 1:16.28.0~dfsg-0+deb11u6

▶NVDsangoma/asterisk22.0.0

▶debiandebian/asterisk< asterisk 1:16.28.0~dfsg-0+deb11u6 (bullseye)

Also affects: Debian Linux 11.0

🔴Vulnerability Details

OSV

CVE-2024-53566: An issue in the action_listcategories() function of Sangoma Asterisk v22/22↗2024-12-02

▶

GHSA

GHSA-2fr9-xph3-mm3j: An issue in the action_listcategories() function of Sangoma Asterisk v22/22↗2024-12-02

▶

📋Vendor Advisories

Debian

CVE-2024-53566: asterisk - An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/...↗2024

▶