CVE-2024-42365
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-42365
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42365.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-42365
- Aliases
-
- GHSA-c4cg-9275-6w44
- Downstream
- Published
- 2024-08-08T16:29:07.436Z
- Modified
- 2025-12-05T05:58:19.976717Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
- Summary
- Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
- Details
-
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with
write=originatemay change all configuration files in the/etc/asterisk/directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using theFILEfunction inside theSETapplication. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. - Database specific
{ "cwe_ids": [ "CWE-1220", "CWE-267" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42365.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42365.json
- https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
- https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
- https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
- https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
- https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
- https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
- https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
- https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
- https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-42365
Affected packages
Git / github.com/asterisk/asterisk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/asterisk/asterisk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "18.24.2" }, { "fixed": "18.9-cert11" } ] }
Affected versions
18.*
18.17.0
18.17.0-rc1
18.17.1
18.18.0
18.18.0-rc1
18.18.1
18.19.0
18.19.0-rc1
18.19.0-rc2
18.20.0
18.20.0-rc1
18.20.1
18.20.2
18.21.0
18.21.0-rc1
18.21.0-rc2
18.22.0
18.22.0-rc1
18.22.0-rc2
18.23.0
18.23.0-rc1
18.23.1
18.24.0
18.24.0-rc1
18.24.1
18.9.0
18.9.0-rc1
21.*
21.0.0
21.0.1
21.0.2
21.1.0
21.1.0-rc1
21.1.0-rc2
21.2.0
21.2.0-rc1
21.2.0-rc2
21.3.0
21.3.0-rc1
21.3.1
21.4.0
21.4.0-rc1
21.4.1
certified-18.*
certified-18.9-cert10
certified-18.9-cert4
certified-18.9-cert5
certified-18.9-cert6
certified-18.9-cert7
certified-18.9-cert8
certified-18.9-cert8-rc1
certified-18.9-cert8-rc2
certified-18.9-cert9
certified/18.*
certified/18.9-cert1
certified/18.9-cert1-rc1
certified/18.9-cert2
certified/18.9-cert3
certified/18.9-cert4