CVE-2024-53566
published 2024-12-02

CVE-2024-53566: An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.

Priority: P4 | 28 | medium | 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.29% (20.9th percentile)

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:16.28.0~dfsg-0+deb11u6 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u6 (bullseye) |
| debian | debian_linux | | |
| sangoma | asterisk | | |
| sangoma | asterisk | >= 0 < 1:16.28.0~dfsg-0+deb11u6 | 1:16.28.0~dfsg-0+deb11u6 |

CVSS provenance

nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv: 5.5 MEDIUM
vendor_debian: 5.5 MEDIUM