Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Asterisk
  • Asterisk
  • Certified Asterisk

Configuration 1 [-]

OR cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:21.4.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert11:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert12:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert13:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert14:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert6:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert7:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert9:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426 cve-icon cve-icon cve-icon
https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426 cve-icon cve-icon cve-icon
https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 cve-icon cve-icon cve-icon
https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8 cve-icon cve-icon cve-icon
https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71 cve-icon cve-icon cve-icon
https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993 cve-icon cve-icon cve-icon
https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2 cve-icon cve-icon cve-icon
https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-42365 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-42365 cve-icon
History

Mon, 16 Sep 2024 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:asterisk:asterisk:21.4.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert11:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert12:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert13:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert14:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert6:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert7:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert9:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1:*:*:*:*:*:*

Mon, 12 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:asterisk:asterisk:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:19.0:*:*:*:*:*:*:*

Fri, 09 Aug 2024 05:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 08 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Asterisk
Asterisk asterisk
Asterisk certified Asterisk
CPEs cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:19.0:*:*:*:*:*:*:*
Vendors & Products Asterisk
Asterisk asterisk
Asterisk certified Asterisk
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 08 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
Description Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
Title Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
Weaknesses CWE-1220
CWE-267
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L'}
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-08-08T16:29:07.436Z

Updated: 2024-08-12T15:49:00.190Z

Reserved: 2024-07-30T14:01:33.923Z

Link: CVE-2024-42365

cve-icon Vulnrichment

Updated: 2024-08-08T16:43:53.890Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-08T17:15:19.340

Modified: 2024-09-16T20:23:18.407

Link: CVE-2024-42365

cve-icon Redhat

Severity : Important

Publid Date: 2024-08-08T00:00:00Z

Links: CVE-2024-42365 - Bugzilla