CVE-2022-42706
Debian Security Advisory 5358-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.
Timeline
- 2022-10-10 CVE Reserved
- 2022-12-05 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (3)
URL | Tag | Date |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html | Mailing List | |
https://downloads.asterisk.org/pub/security/AST-2022-009.html | | 2023-02-24 |
https://www.debian.org/security/2023/dsa-5358 | | 2023-02-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sangoma | Asterisk | >= 16.0.0 < 16.29.1 | - | Affected |
Sangoma | Asterisk | >= 17.0.0 < 18.15.1 | - | Affected |
Sangoma | Asterisk | >= 19.0.0 < 19.7.1 | - | Affected |
Sangoma | Asterisk | 20.0.0 | - | Affected |
Sangoma | Certified Asterisk | < 18.9 | - | Affected |
Sangoma | Certified Asterisk | 18.9 | cert1 | Affected |