Vulnerability Monitor

CVE-2023-49294


Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` option is not enabled. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk 18.9-cert6, contain a fix for this issue.


Published

2023-12-14T20:15:52.730

Last Modified

2024-11-21T08:33:12.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-22

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | digium | asterisk | < 18.20.1 | Yes |
| Application | digium | asterisk | < 20.5.1 | Yes |
| Application | digium | asterisk | 21.0.0 | Yes |
| Application | sangoma | certified_asterisk | 13.13.0 | Yes |
| Application | sangoma | certified_asterisk | 16.8.0 | Yes |
| Application | sangoma | certified_asterisk | 18.9 | Yes |
