CVE-2026-23741
Published 2026-02-06
Priority: P2 61 high · CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.17% (7.0th percentile)
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper script runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script sources the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a directory that is writable by the asterisk user:group. Because /etc/asterisk/ast_debug_tools.conf follows bash semantics and is loaded with source, an attacker with write permission may add to or modify the file so that, when ast_coredumper is run as root, it sources and thereby executes arbitrary bash code found in /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Affected (13 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | asterisk | < 23.2.2 | 23.2.2 |
| asterisk | asterisk | < 22.8.2 | 22.8.2 |
| asterisk | asterisk | < 21.12.1 | 21.12.1 |
| asterisk | asterisk | < 20.18.2 | 20.18.2 |
| asterisk | asterisk | < 20.7-cert9 | 20.7-cert9 |
| asterisk | asterisk | >= 0 < 1:16.28.0~dfsg-0+deb11u9 | 1:16.28.0~dfsg-0+deb11u9 |
| debian | asterisk | < asterisk 1:16.28.0~dfsg-0+deb11u9 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u9 (bullseye) |
| sangoma | asterisk | < 20.18.2 | 20.18.2 |
| sangoma | asterisk | >= 21.0.0 < 21.12.1 | 21.12.1 |
| sangoma | asterisk | >= 22.0.0 < 22.8.2 | 22.8.2 |
| sangoma | asterisk | >= 23.0.0 < 23.2.2 | 23.2.2 |
| sangoma | certified_asterisk | <= 18.9 | — |
| sangoma | certified_asterisk | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unexpected writes or modifications to /etc/asterisk/ast_debug_tools.conf by the asterisk user or group, which could indicate pre-exploitation staging for privilege escalation.
- Alert on execution of ast_coredumper as root (UID 0), especially when /etc/asterisk/ast_debug_tools.conf has been recently modified by a non-root user.
- Audit the file integrity of /etc/asterisk/ast_debug_tools.conf; unexpected bash constructs (functions, subshells, command substitutions) injected into this config file are a strong indicator of an exploitation attempt.
- The /etc/asterisk/ directory is writable by the asterisk user:group, which is the prerequisite for exploitation. Verify and restrict directory permissions as part of hardening.
- Patched versions are 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. Unpatched deployments running ast_coredumper as root remain exploitable.
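An audit script for the two checks the description and the detection items above call for, written here as an added example rather than code from Asterisk or any of the advisory sources: it verifies that the sourced config file and its parent directory are root-owned and not group/world writable, and it flags every line of the file that is not a plain NAME=value assignment, naming the bash construct it found (command substitution, function definition, subshell, command separator). The allow-list of safe assignment forms is an assumption to tune per deployment; the default path is the one named in the advisory.

```python
import os
import re
import stat
import sys

# Assumed allow-list (tune per deployment): blank lines, comments, or NAME=value whose
# value is single-quoted, double-quoted without $ or backtick, or a bare metachar-free word.
SAFE_LINE = re.compile(
    r"""^\s*(?:#.*|[A-Za-z_]\w*=(?:'[^']*'|"[^"$`\\]*"|[^\s;&|$`()<>'"]*))?\s*$""")

# Constructs that execute code when bash sources the file, checked in this order.
SUSPICIOUS = [
    (re.compile(r"\$\(|`"), "command substitution"),
    (re.compile(r"\bfunction\b|\w+\s*\(\)\s*\{"), "function definition"),
    (re.compile(r"^\s*\("), "subshell"),
    (re.compile(r"[;&|]"), "command separator or pipe"),
]

def scan_config_text(text):
    """Return (line_no, reason, line) for every line that is not a plain assignment."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if SAFE_LINE.match(line):
            continue
        reason = next((label for rx, label in SUSPICIOUS if rx.search(line)),
                      "not a plain NAME=value assignment")
        findings.append((n, reason, line.rstrip()))
    return findings

def check_path_perms(path):
    """Root should only source a file that is root-owned and not group/world writable."""
    st = os.stat(path)
    problems = []
    if st.st_uid != 0:
        problems.append(f"{path}: owned by uid {st.st_uid}, not root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is group/world writable")
    return problems

def audit_config(path="/etc/asterisk/ast_debug_tools.conf"):
    """Check the file and its parent directory, then scan the contents; empty means safe."""
    path = os.path.abspath(path)
    problems = check_path_perms(os.path.dirname(path)) + check_path_perms(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        findings = scan_config_text(fh.read())
    return problems + [f"{path}:{n}: {reason}: {line}" for n, reason, line in findings]

if __name__ == "__main__":
    found = audit_config(*sys.argv[1:2])
    sys.exit("\n".join(found) if found else 0)
```

Run it as the asterisk user to confirm the directory permission item above is fixed, and as a file-integrity check from cron or a monitoring agent; a non-zero exit with the offending lines is the alert.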
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | NONE | — |
Debian
CVE-2026-23741: asterisk - Asterisk is an open source private branch exchange and telephony toolkit.
vendor_debian · 2026 · CVSS 8.8 · severity NONE
OSV
CVE-2026-23741: Asterisk is an open source private branch exchange and telephony toolkit
osv · 2026-02-06 · CVSS 8.8 · HIGH
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-23741 asterisk: privilege escalation via the ast_coredumper script [fedora-42]
bugzilla · 2026-02-09 · CVSS 8.8 · HIGH
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change th
Wiz
CVE-2026-23741 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 5.1 · MEDIUM
## CVE-2026-23741: NixOS vulnerability analysis and mitigation
Published 2026-02-06