Description
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidate is a reservation duplicate of CVE-2023-49294. Notes: All CVE users should reference CVE-2023-49294 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Published: 2024-10-21
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References

No reference.

History

Mon, 09 Dec 2024 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
CPEs cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:asterisk:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
Vendors & Products Sangoma
Sangoma asterisk
Sangoma certified Asterisk
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Mon, 09 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*
Vendors & Products Asterisk
Asterisk asterisk
Asterisk certified Asterisk
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Dec 2024 22:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. In manager.c, the functions action_getconfig() and action_getconfigJson() do not process the input file path, resulting in a path traversal vulnerability. In versions without the restrictedFile() function, no processing is done on the input path. In versions with the restrictedFile() function, path traversal is not processed. DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidate is a reservation duplicate of CVE-2023-49294. Notes: All CVE users should reference CVE-2023-49294 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Thu, 24 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Sangoma
Sangoma asterisk
Sangoma certified Asterisk
CPEs cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:asterisk:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
Vendors & Products Sangoma
Sangoma asterisk
Sangoma certified Asterisk

Tue, 22 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Asterisk
Asterisk asterisk
Asterisk certified Asterisk
Weaknesses CWE-22
CPEs cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*
Vendors & Products Asterisk
Asterisk asterisk
Asterisk certified Asterisk
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 21 Oct 2024 00:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. In manager.c, the functions action_getconfig() and action_getconfigJson() do not process the input file path, resulting in a path traversal vulnerability. In versions without the restrictedFile() function, no processing is done on the input path. In versions with the restrictedFile() function, path traversal is not processed.
References

Subscriptions

No data.

cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published:

Updated: 2024-12-09T22:36:11.613Z

Reserved: 2024-10-14T00:00:00.000Z

Link: CVE-2024-49215

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2024-10-21T01:15:02.943

Modified: 2024-12-09T23:15:08.250

Link: CVE-2024-49215

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.