An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.
2022-12-05T21:15:10.227
2025-04-24T15:15:50.737
Modified
CVSSv3.1: 4.9 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sangoma | asterisk | < 16.29.1 | Yes |
| Application | sangoma | asterisk | < 18.15.1 | Yes |
| Application | sangoma | asterisk | < 19.7.1 | Yes |
| Application | sangoma | asterisk | 20.0.0 | Yes |
| Application | sangoma | certified_asterisk | < 18.9 | Yes |
| Application | sangoma | certified_asterisk | 18.9 | Yes |