CVE-2024-49215

Oct. 21, 2024, 5:09 p.m.

Tags

cve@mitre.org
2024-10-21
CVE-2024-49215

Product(s) Impacted

Asterisk

  • through 18.20.0
  • 19.x through 20.5.0
  • 21.x through 21.0.0
  • Certified Asterisk through 18.9-cert5

Description

An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. In manager.c, the functions action_getconfig() and action_getconfigJson() do not process the input file path, resulting in a path traversal vulnerability. In versions without the restrictedFile() function, no processing is done on the input path. In versions with the restrictedFile() function, path traversal is not processed.

Weaknesses

Date

Published: Oct. 21, 2024, 1:15 a.m.

Last Modified: Oct. 21, 2024, 5:09 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://gist.github.com/hyp164D1/5d68b9b7a504f1416272a825ce65966a
cve@mitre.org
https://github.com/asterisk/asterisk/blob/20.5.0/main/manager.c#L3755
cve@mitre.org