No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
No reference.
Mon, 09 Dec 2024 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:sangoma:asterisk:21.0.0:*:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:* |
|
| Vendors & Products |
Sangoma
Sangoma asterisk Sangoma certified Asterisk |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Mon, 09 Dec 2024 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Asterisk
Asterisk asterisk Asterisk certified Asterisk |
|
| Metrics |
ssvc
|
Mon, 09 Dec 2024 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. In manager.c, the functions action_getconfig() and action_getconfigJson() do not process the input file path, resulting in a path traversal vulnerability. In versions without the restrictedFile() function, no processing is done on the input path. In versions with the restrictedFile() function, path traversal is not processed. | DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidate is a reservation duplicate of CVE-2023-49294. Notes: All CVE users should reference CVE-2023-49294 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
Thu, 24 Oct 2024 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Sangoma
Sangoma asterisk Sangoma certified Asterisk |
|
| CPEs | cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:* cpe:2.3:a:sangoma:asterisk:21.0.0:*:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:* cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:* |
|
| Vendors & Products |
Sangoma
Sangoma asterisk Sangoma certified Asterisk |
Tue, 22 Oct 2024 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Asterisk
Asterisk asterisk Asterisk certified Asterisk |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:* cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Asterisk
Asterisk asterisk Asterisk certified Asterisk |
|
| Metrics |
cvssV3_1
|
Mon, 21 Oct 2024 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. In manager.c, the functions action_getconfig() and action_getconfigJson() do not process the input file path, resulting in a path traversal vulnerability. In versions without the restrictedFile() function, no processing is done on the input path. In versions with the restrictedFile() function, path traversal is not processed. | |
| References |
|
Subscriptions
No data.
Status: REJECTED
Assigner: mitre
Published:
Updated: 2024-12-09T22:36:11.613Z
Reserved: 2024-10-14T00:00:00.000Z
Link: CVE-2024-49215
Updated:
Status : Rejected
Published: 2024-10-21T01:15:02.943
Modified: 2024-12-09T23:15:08.250
Link: CVE-2024-49215
No data.
OpenCVE Enrichment
No data.
No weakness.