CVE-2023-49294
Published: 14 December 2023
Summary
CVE-2023-49294 is a medium-severity path traversal (CWE-22) vulnerability in Asterisk and Sangoma Certified Asterisk. Its CVSS base score is 4.9 (Medium).
Operationally, its EPSS score places it in the top 4.9% of CVEs by estimated exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Asterisk, an open source private branch exchange and telephony toolkit, contains a path traversal flaw (CWE-22) in versions prior to 18.20.1, 20.5.1 and 21.0.1, and in certified-asterisk releases prior to 18.9-cert6. The issue resides in the manager interface (AMI) code and permits reading of arbitrary files on the host even when the `live_dangerously` setting is disabled, which is the setting administrators would normally rely on to keep file access confined to the configuration directory. The CVSS 4.9 vector reflects a network attack vector with high privileges required: the attacker must already hold manager-interface credentials.
An authenticated manager-interface user can send crafted requests whose filename component traverses the file system and retrieves any file readable by the Asterisk process, exposing configuration data, credentials or other sensitive content. Integrity and availability are unaffected; the impact is confidentiality only.
Official patches and advisories direct administrators to upgrade to Asterisk 18.20.1, 20.5.1 or 21.0.1, or certified-asterisk 18.9-cert6; the correction is documented in the referenced GitHub commit and security advisory, with corresponding Debian LTS updates. Until the upgrade is applied, restricting manager-interface access to trusted hosts and limiting the set of accounts that can authenticate to it reduces exposure, since the flaw is only reachable post-authentication.
The associated EPSS score has remained flat at 0.1709, with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-53282
Vulnerability details
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk 18.9-cert6, contain a fix for this issue.
- CWE(s): CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Asterisk prior to 18.20.1, 20.5.1 and 21.0.1
- Sangoma Certified Asterisk prior to 18.9-cert6
Mitigating Controls
Likely mitigating controls (AI-derived): per-CVE control mapping for this CVE has not run yet, so the list below is derived from the weakness type (CWE-22) cited in the NVD entry.
- Validate pathnames and filenames supplied by clients and confine the resolved path to the intended directory before opening it: reject absolute paths and `..` segments, then confirm the joined path still starts with the base directory. A lexical check alone does not account for symlinks already inside that directory.
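The pattern behind both the flaw described under "Deeper analysis" (a client-supplied filename that escapes the configuration directory) and the CWE-22 control above, as an added illustrative example in C. This is not Asterisk's own code and does not reproduce the project's fix; the base directory `/etc/asterisk`, the function names and the sample inputs are assumptions made for the illustration.

```c
/* Added example (not Asterisk's own code): confine a caller-supplied
 * configuration filename to a fixed base directory. CONFIG_DIR and all
 * function names are assumptions made for this illustration. */
#include <stdio.h>
#include <string.h>
#include <limits.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

#define CONFIG_DIR "/etc/asterisk"   /* assumed base directory */

/* Join base directory and filename; returns 0 on success, -1 if the
 * result would not fit in the output buffer. */
static int join_config_path(const char *filename, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", CONFIG_DIR, filename);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Weak pattern: the client input is joined as-is, so
 * "../../etc/passwd" resolves to a path outside CONFIG_DIR. */
int unsafe_config_path(const char *filename, char *out, size_t outlen)
{
    return join_config_path(filename, out, outlen);
}

/* Hardened pattern: reject absolute paths, empty segments and any ".."
 * segment before the join, then confirm the result still begins with
 * CONFIG_DIR followed by a slash. The check is purely lexical and does
 * not follow symlinks that may already exist inside CONFIG_DIR. */
int safe_config_path(const char *filename, char *out, size_t outlen)
{
    const char *p = filename;

    if (filename == NULL || *filename == '\0' || *filename == '/')
        return -1;

    for (;;) {
        const char *seg_end = strchr(p, '/');
        size_t seglen = seg_end ? (size_t)(seg_end - p) : strlen(p);

        if (seglen == 0)                                /* "a//b", "a/" */
            return -1;
        if (seglen == 2 && p[0] == '.' && p[1] == '.')  /* ".." */
            return -1;
        if (seg_end == NULL)
            break;
        p = seg_end + 1;
    }

    if (join_config_path(filename, out, outlen) != 0)
        return -1;

    /* Defence in depth: the joined path must stay under CONFIG_DIR. */
    if (strncmp(out, CONFIG_DIR "/", sizeof(CONFIG_DIR)) != 0)
        return -1;
    return 0;
}

/* Helpers that report outcomes without the caller managing buffers. */
int safe_rejects(const char *filename)
{
    char buf[PATH_MAX];
    return safe_config_path(filename, buf, sizeof buf) != 0;
}

int safe_resolves_to(const char *filename, const char *expected)
{
    char buf[PATH_MAX];
    return safe_config_path(filename, buf, sizeof buf) == 0
        && strcmp(buf, expected) == 0;
}

int unsafe_resolves_to(const char *filename, const char *expected)
{
    char buf[PATH_MAX];
    return unsafe_config_path(filename, buf, sizeof buf) == 0
        && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample inputs: one legitimate name and three traversal
     * attempts of the kind a manager-interface client could send. */
    const char *inputs[] = { "sip.conf", "../../etc/passwd",
                             "/etc/passwd", "sub/../../etc/shadow" };
    for (size_t i = 0; i < sizeof inputs / sizeof *inputs; i++) {
        char u[PATH_MAX], s[PATH_MAX];
        int ur = unsafe_config_path(inputs[i], u, sizeof u);
        int sr = safe_config_path(inputs[i], s, sizeof s);
        printf("%-22s unsafe: %-34s safe: %s\n", inputs[i],
               ur == 0 ? u : "(error)", sr == 0 ? s : "rejected");
    }
    return 0;
}
```

The segment walk rejects traversal before any path is built, and the prefix comparison afterwards catches anything the walk might miss. Because the check is lexical, a symlink that already lives inside the base directory and points elsewhere is not detected; deployments that need that guarantee would additionally canonicalize with `realpath(3)` and re-check the prefix, at the cost of requiring the target to exist.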