CVE-2023-49294

Опубликовано: 14 дек. 2023

Источник: nvd

CVSS3: 4.9

CVSS3: 7.5

EPSS Средний

Описание

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*

Версия до 18.20.1 (исключая)

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*

Версия от 19.0.0 (включая) до 20.5.1 (исключая)

cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10355

Средний

4.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2023-49294

CVSS3: 4.9

ubuntu

больше 1 года назад

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

CVE-2023-49294

CVSS3: 4.9

debian

больше 1 года назад

Asterisk is an open source private branch exchange and telephony toolk ...

BDU:2023-08871

CVSS3: 4.9

fstec

больше 1 года назад

Уязвимость интерфейса AMI (Asterisk Managment Interface) систем управления IP-телефонией Asterisk и Certified Asterisk, позволяющая нарушителю получить доступ на чтение произвольных файлов

ROS-20240807-03

CVSS3: 7.5

redos

11 месяцев назад

Множественные уязвимости asterisk

EPSS

Процентиль: 93%

0.10355

Средний

4.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22