Vulnerability Details CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.7%
CVSS Severity
CVSS v3 Score 4.9
References
- https://downloads.asterisk.org/pub/security/AST-2022-009.html
- https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
- https://www.debian.org/security/2023/dsa-5358
- https://downloads.asterisk.org/pub/security/AST-2022-009.html
- https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
- https://www.debian.org/security/2023/dsa-5358
Products affected by CVE-2022-42706
-
cpe:2.3:a:sangoma:asterisk:16.0.0
-
cpe:2.3:a:sangoma:asterisk:16.10.0
-
cpe:2.3:a:sangoma:asterisk:16.11.0
-
cpe:2.3:a:sangoma:asterisk:16.12.0
-
cpe:2.3:a:sangoma:asterisk:16.14.0
-
cpe:2.3:a:sangoma:asterisk:16.14.1
-
cpe:2.3:a:sangoma:asterisk:16.15.0
-
cpe:2.3:a:sangoma:asterisk:16.16.0
-
cpe:2.3:a:sangoma:asterisk:16.16.1
-
cpe:2.3:a:sangoma:asterisk:16.5.0
-
cpe:2.3:a:sangoma:asterisk:16.6.0
-
cpe:2.3:a:sangoma:asterisk:16.7.0
-
cpe:2.3:a:sangoma:asterisk:16.8.0
-
cpe:2.3:a:sangoma:asterisk:16.9.0
-
cpe:2.3:a:sangoma:asterisk:17.0.0
-
cpe:2.3:a:sangoma:asterisk:17.1.0
-
cpe:2.3:a:sangoma:asterisk:17.2.0
-
cpe:2.3:a:sangoma:asterisk:17.3.0
-
cpe:2.3:a:sangoma:asterisk:17.4.0
-
cpe:2.3:a:sangoma:asterisk:17.5.0
-
cpe:2.3:a:sangoma:asterisk:17.6.0
-
cpe:2.3:a:sangoma:asterisk:17.7.0
-
cpe:2.3:a:sangoma:asterisk:17.8.0
-
cpe:2.3:a:sangoma:asterisk:17.8.1
-
cpe:2.3:a:sangoma:asterisk:17.9.0
-
cpe:2.3:a:sangoma:asterisk:17.9.1
-
cpe:2.3:a:sangoma:asterisk:17.9.2
-
cpe:2.3:a:sangoma:asterisk:18.0.0
-
cpe:2.3:a:sangoma:asterisk:18.0.1
-
cpe:2.3:a:sangoma:asterisk:18.1.0
-
cpe:2.3:a:sangoma:asterisk:18.1.1
-
cpe:2.3:a:sangoma:asterisk:18.10.0
-
cpe:2.3:a:sangoma:asterisk:18.10.1
-
cpe:2.3:a:sangoma:asterisk:18.11.0
-
cpe:2.3:a:sangoma:asterisk:18.11.1
-
cpe:2.3:a:sangoma:asterisk:18.11.2
-
cpe:2.3:a:sangoma:asterisk:18.11.3
-
cpe:2.3:a:sangoma:asterisk:18.12.0
-
cpe:2.3:a:sangoma:asterisk:18.12.1
-
cpe:2.3:a:sangoma:asterisk:18.13.0
-
cpe:2.3:a:sangoma:asterisk:18.14.0
-
cpe:2.3:a:sangoma:asterisk:18.15.0
-
cpe:2.3:a:sangoma:asterisk:18.2.0
-
cpe:2.3:a:sangoma:asterisk:18.2.1
-
cpe:2.3:a:sangoma:asterisk:18.2.2
-
cpe:2.3:a:sangoma:asterisk:18.3.0
-
cpe:2.3:a:sangoma:asterisk:18.4.0
-
cpe:2.3:a:sangoma:asterisk:18.5.0
-
cpe:2.3:a:sangoma:asterisk:18.5.1
-
cpe:2.3:a:sangoma:asterisk:18.6.0
-
cpe:2.3:a:sangoma:asterisk:18.7.0
-
cpe:2.3:a:sangoma:asterisk:18.7.1
-
cpe:2.3:a:sangoma:asterisk:18.8.0
-
cpe:2.3:a:sangoma:asterisk:18.9.0
-
cpe:2.3:a:sangoma:asterisk:19.0.0
-
cpe:2.3:a:sangoma:asterisk:19.1.0
-
cpe:2.3:a:sangoma:asterisk:19.2.0
-
cpe:2.3:a:sangoma:asterisk:19.2.1
-
cpe:2.3:a:sangoma:asterisk:19.3.0
-
cpe:2.3:a:sangoma:asterisk:19.3.1
-
cpe:2.3:a:sangoma:asterisk:19.3.2
-
cpe:2.3:a:sangoma:asterisk:19.3.3
-
cpe:2.3:a:sangoma:asterisk:19.4.0
-
cpe:2.3:a:sangoma:asterisk:19.4.1
-
cpe:2.3:a:sangoma:asterisk:19.5.0
-
cpe:2.3:a:sangoma:asterisk:19.6.0
-
cpe:2.3:a:sangoma:asterisk:19.7.0
-
cpe:2.3:a:sangoma:asterisk:20.0.0
-
cpe:2.3:a:sangoma:certified_asterisk:13.13.0
-
cpe:2.3:a:sangoma:certified_asterisk:16.8
-
cpe:2.3:a:sangoma:certified_asterisk:16.8.0
-
cpe:2.3:a:sangoma:certified_asterisk:18.9