CVE-2023-49294

CVE Database · CVE-2023-49294

CVE-2023-49294

· MEDIUMModified

CVSS v3.1

4.9

EPSS

45.29%

Published

Dec 14, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-22

Affected Products (31)

digium · asterisk (up to 18.20.1)vulnerable

digium · asterisk (up to 20.5.1)vulnerable

digium · asteriskvulnerable

sangoma · certified_asteriskvulnerable