Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2024-42365

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the FILE function inside the SET application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.

  • Published: Aug 8, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-42365
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Software From Fixed in
asterisk / asterisk 19.0.0 20.9.1
asterisk / asterisk - 18.24.2
asterisk / asterisk 21.4.0 21.4.0.x
asterisk / certified_asterisk 13.13.0-cert3 13.13.0-cert3.x
asterisk / certified_asterisk 13.13.0-cert1 13.13.0-cert1.x
asterisk / certified_asterisk 13.13.0-rc2 13.13.0-rc2.x
asterisk / certified_asterisk 13.13.0-cert2 13.13.0-cert2.x
asterisk / certified_asterisk 13.13.0 13.13.0.x
asterisk / certified_asterisk 13.13.0-rc1 13.13.0-rc1.x
asterisk / certified_asterisk 13.13.0-cert1-rc4 13.13.0-cert1-rc4.x
asterisk / certified_asterisk 13.13.0-cert1-rc1 13.13.0-cert1-rc1.x
asterisk / certified_asterisk 13.13.0-cert1-rc3 13.13.0-cert1-rc3.x
asterisk / certified_asterisk 13.13.0-cert1-rc2 13.13.0-cert1-rc2.x
asterisk / certified_asterisk 16.8.0-cert12 16.8.0-cert12.x
asterisk / certified_asterisk 16.8.0-cert11 16.8.0-cert11.x
asterisk / certified_asterisk 16.8.0-cert10 16.8.0-cert10.x
asterisk / certified_asterisk 16.8.0-cert9 16.8.0-cert9.x
asterisk / certified_asterisk 16.8.0-cert8 16.8.0-cert8.x
asterisk / certified_asterisk 16.8.0-cert7 16.8.0-cert7.x
asterisk / certified_asterisk 16.8.0-cert6 16.8.0-cert6.x
asterisk / certified_asterisk 16.8.0-cert5 16.8.0-cert5.x
asterisk / certified_asterisk 16.8.0-cert4 16.8.0-cert4.x
asterisk / certified_asterisk 16.8.0-cert3 16.8.0-cert3.x
asterisk / certified_asterisk 16.8.0-cert2 16.8.0-cert2.x
asterisk / certified_asterisk 16.8.0-cert1 16.8.0-cert1.x
asterisk / certified_asterisk 16.8.0 16.8.0.x
asterisk / certified_asterisk 16.8-cert10 16.8-cert10.x
asterisk / certified_asterisk 16.8-cert11 16.8-cert11.x
asterisk / certified_asterisk 16.8-cert12 16.8-cert12.x
asterisk / certified_asterisk 16.8-cert13 16.8-cert13.x
asterisk / certified_asterisk 16.8-cert14 16.8-cert14.x
asterisk / certified_asterisk 16.8-cert1-rc1 16.8-cert1-rc1.x
asterisk / certified_asterisk 16.8-cert1-rc2 16.8-cert1-rc2.x
asterisk / certified_asterisk 16.8-cert1-rc3 16.8-cert1-rc3.x
asterisk / certified_asterisk 16.8-cert1-rc4 16.8-cert1-rc4.x
asterisk / certified_asterisk 16.8-cert1-rc5 16.8-cert1-rc5.x
asterisk / certified_asterisk 16.8-cert4-rc1 16.8-cert4-rc1.x
asterisk / certified_asterisk 16.8-cert4-rc2 16.8-cert4-rc2.x
asterisk / certified_asterisk 16.8-cert4-rc3 16.8-cert4-rc3.x
asterisk / certified_asterisk 16.8-cert4-rc4 16.8-cert4-rc4.x
asterisk / certified_asterisk 18.9-cert1 18.9-cert1.x
asterisk / certified_asterisk 18.9-cert10 18.9-cert10.x
asterisk / certified_asterisk 18.9-cert1-rc1 18.9-cert1-rc1.x
asterisk / certified_asterisk 18.9-cert2 18.9-cert2.x
asterisk / certified_asterisk 18.9-cert3 18.9-cert3.x
asterisk / certified_asterisk 18.9-cert4 18.9-cert4.x
asterisk / certified_asterisk 18.9-cert5 18.9-cert5.x
asterisk / certified_asterisk 18.9-cert6 18.9-cert6.x
asterisk / certified_asterisk 18.9-cert7 18.9-cert7.x
asterisk / certified_asterisk 18.9-cert8 18.9-cert8.x
asterisk / certified_asterisk 18.9-cert8-rc1 18.9-cert8-rc1.x
asterisk / certified_asterisk 18.9-cert8-rc2 18.9-cert8-rc2.x
asterisk / certified_asterisk 18.9-cert9 18.9-cert9.x
asterisk / certified_asterisk 20.7-cert1 20.7-cert1.x
asterisk / certified_asterisk 20.7-cert1-rc1 20.7-cert1-rc1.x
asterisk / certified_asterisk 20.7-cert1-rc2 20.7-cert1-rc2.x