8.8

CVE-2024-42365

Exploit

Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Version < 18.24.2
AsteriskAsterisk Version >= 19.0.0 < 20.9.1
AsteriskAsterisk Version21.4.0
AsteriskCertified Asterisk Version13.13.0
AsteriskCertified Asterisk Version13.13.0 Updatecert1
AsteriskCertified Asterisk Version13.13.0 Updatecert1-rc1
AsteriskCertified Asterisk Version13.13.0 Updatecert1-rc2
AsteriskCertified Asterisk Version13.13.0 Updatecert1-rc3
AsteriskCertified Asterisk Version13.13.0 Updatecert1-rc4
AsteriskCertified Asterisk Version13.13.0 Updatecert2
AsteriskCertified Asterisk Version13.13.0 Updatecert3
AsteriskCertified Asterisk Version13.13.0 Updaterc1
AsteriskCertified Asterisk Version13.13.0 Updaterc2
AsteriskCertified Asterisk Version16.8 Updatecert1-rc1
AsteriskCertified Asterisk Version16.8 Updatecert1-rc2
AsteriskCertified Asterisk Version16.8 Updatecert1-rc3
AsteriskCertified Asterisk Version16.8 Updatecert1-rc4
AsteriskCertified Asterisk Version16.8 Updatecert1-rc5
AsteriskCertified Asterisk Version16.8 Updatecert10
AsteriskCertified Asterisk Version16.8 Updatecert11
AsteriskCertified Asterisk Version16.8 Updatecert12
AsteriskCertified Asterisk Version16.8 Updatecert13
AsteriskCertified Asterisk Version16.8 Updatecert14
AsteriskCertified Asterisk Version16.8 Updatecert4-rc1
AsteriskCertified Asterisk Version16.8 Updatecert4-rc2
AsteriskCertified Asterisk Version16.8 Updatecert4-rc3
AsteriskCertified Asterisk Version16.8 Updatecert4-rc4
AsteriskCertified Asterisk Version16.8.0 Update-
AsteriskCertified Asterisk Version16.8.0 Updatecert1
AsteriskCertified Asterisk Version16.8.0 Updatecert10
AsteriskCertified Asterisk Version16.8.0 Updatecert11
AsteriskCertified Asterisk Version16.8.0 Updatecert12
AsteriskCertified Asterisk Version16.8.0 Updatecert2
AsteriskCertified Asterisk Version16.8.0 Updatecert3
AsteriskCertified Asterisk Version16.8.0 Updatecert4
AsteriskCertified Asterisk Version16.8.0 Updatecert5
AsteriskCertified Asterisk Version16.8.0 Updatecert6
AsteriskCertified Asterisk Version16.8.0 Updatecert7
AsteriskCertified Asterisk Version16.8.0 Updatecert8
AsteriskCertified Asterisk Version16.8.0 Updatecert9
AsteriskCertified Asterisk Version18.9 Updatecert1
AsteriskCertified Asterisk Version18.9 Updatecert1-rc1
AsteriskCertified Asterisk Version18.9 Updatecert10
AsteriskCertified Asterisk Version18.9 Updatecert2
AsteriskCertified Asterisk Version18.9 Updatecert3
AsteriskCertified Asterisk Version18.9 Updatecert4
AsteriskCertified Asterisk Version18.9 Updatecert5
AsteriskCertified Asterisk Version18.9 Updatecert6
AsteriskCertified Asterisk Version18.9 Updatecert7
AsteriskCertified Asterisk Version18.9 Updatecert8
AsteriskCertified Asterisk Version18.9 Updatecert8-rc1
AsteriskCertified Asterisk Version18.9 Updatecert8-rc2
AsteriskCertified Asterisk Version18.9 Updatecert9
AsteriskCertified Asterisk Version20.7 Updatecert1
AsteriskCertified Asterisk Version20.7 Updatecert1-rc1
AsteriskCertified Asterisk Version20.7 Updatecert1-rc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.7% 0.906
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 7.4 3.1 3.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE-1220 Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

CWE-267 Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
Issue Tracking
https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
Issue Tracking
https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
Patch
https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
Patch
https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
Patch
https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
Patch
https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
Patch
https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
Vendor Advisory
Exploit
Technical Description
https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html