Path Traversal Vulnerability in Sangoma Asterisk Software
CVE-2024-53566

5.5MEDIUM

Key Information:

Vendor: Sangoma
Status: Asterisk
Vendor: CVE Published:; 2 December 2024

What is CVE-2024-53566?

A vulnerability exists in the action_listcategories() function of Sangoma Asterisk that enables attackers to exploit path traversal. This weakness allows unauthorized users to access files and directories located outside the intended folder structure, which could lead to exposure of sensitive information. It is critical for users of affected versions to apply the latest patches and updates to mitigate potential security risks.

References

https://github.com/asterisk/asterisk/blob/22/main/manager...

https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 20, 2024

CVE-2024-53566 Data

JSON