DEBIAN-CVE-2024-57520

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-57520

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-57520.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-57520

Upstream

CVE-2024-57520

Published

2025-02-05T22:15:32.923Z

Modified

2025-11-20T10:17:51.055398Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration.

References

https://security-tracker.debian.org/tracker/CVE-2024-57520

Affected packages

Debian:11 / asterisk

Package

Name: asterisk
Purl: pkg:deb/debian/asterisk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:16.*

1:16.16.1~dfsg-1

1:16.16.1~dfsg-1+deb11u1~bpo10+1

1:16.16.1~dfsg-1+deb11u1

1:16.16.1~dfsg-2

1:16.16.1~dfsg-3

1:16.16.1~dfsg-4

1:16.16.1~dfsg+~2.10-1

1:16.16.1~dfsg+~2.10-2

1:16.23.0~dfsg+~2.10-1

1:16.23.0~dfsg+~cs6.10.20220309-1

1:16.23.0~dfsg+~cs6.10.20220309-2

1:16.23.0~dfsg+~cs6.10.40431411-1

1:16.28.0~dfsg-0+deb11u1

1:16.28.0~dfsg-0+deb11u2

1:16.28.0~dfsg-0+deb11u3

1:16.28.0~dfsg-0+deb11u4

1:16.28.0~dfsg-0+deb11u5

1:16.28.0~dfsg-0+deb11u6

1:16.28.0~dfsg-0+deb11u7

1:16.28.0~dfsg-0+deb11u8

1:18.*

1:18.9.0~dfsg+~cs6.10.40431411-1

1:18.10.0~dfsg+~cs6.10.40431411-1

1:18.10.0~dfsg+~cs6.10.40431411-2

1:18.10.1~dfsg+~cs6.10.40431411-1

1:18.11.1~dfsg+~cs6.10.40431413-1

1:18.11.2~dfsg+~cs6.10.40431413-1

1:18.12.0~dfsg+~cs6.12.40431413-1

1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1

1:18.14.0~dfsg+~cs6.12.40431414-1

1:20.*

1:20.0.0~~rc1~dfsg+~cs6.12.40431414-1

1:20.0.0~~rc2~dfsg+~cs6.12.40431414-1

1:20.0.0~dfsg+~cs6.12.40431414-1

1:20.0.0~dfsg+~cs6.12.40431414-2

1:20.0.1~dfsg+~cs6.12.40431414-1

1:20.1.0~~rc2~dfsg+~cs6.12.40431414-1

1:20.1.0~dfsg+~cs6.12.40431414-1

1:20.2.1~dfsg+~cs6.13.40431413-1

1:20.3.0~dfsg+~cs6.13.40431413-1

1:20.4.0~dfsg+~cs6.13.40431414-1

1:20.4.0~dfsg+~cs6.13.40431414-2

1:20.5.0~dfsg+~cs6.13.40431414-1

1:20.5.1~dfsg+~cs6.13.40431414-1

1:20.5.2~dfsg+~cs6.13.40431414-1

1:20.6.0~dfsg+~cs6.13.40431414-1

1:20.6.0~dfsg+~cs6.13.40431414-2

1:20.8.1~dfsg+~cs6.14.40431414-1

1:20.9.3~dfsg+~cs6.14.60671435-1

1:22.*

1:22.0.0~~rc2~dfsg+~cs6.14.60671435-1

1:22.0.0~dfsg+~cs6.14.60671435-1

1:22.1.0~dfsg+~cs6.14.60671435-1

1:22.1.1~dfsg+~cs6.14.60671435-1

1:22.2.0~dfsg+~cs6.15.60671435-1

1:22.2.0~dfsg+~cs6.15.60671435-2

1:22.3.0~~rc1~dfsg+~cs6.15.60671435-1

1:22.3.0~dfsg+~cs6.15.60671435-1

1:22.4.1~dfsg+~cs6.15.60671435-1

1:22.4.1~dfsg+~cs6.15.60671435-2

1:22.5.1~dfsg+~cs6.15.60671435-1

1:22.5.2~dfsg+~cs6.15.60671435-1

1:22.6.0~dfsg+~cs6.15.60671435-1

Ecosystem specific

{
    "urgency": "unimportant"
}