{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96325?format=json","vulnerability_id":"VCID-r54j-ydjm-4uca","summary":"Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration.","aliases":[{"alias":"CVE-2024-57520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921521?format=json","purl":"pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.3.0~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585942?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-r54j-ydjm-4uca"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57520","reference_id":"","reference_type":"","scores":[{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87634","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.8763","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87641","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87588","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87604","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520"},{"reference_url":"https://github.com/asterisk/asterisk/issues/1122","reference_id":"1122","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/"}],"url":"https://github.com/asterisk/asterisk/issues/1122"},{"reference_url":"https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621","reference_id":"ae76ab25acfbe263b2ed7b24b6e5c621","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/"}],"url":"https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.8 - 9.8","exploitability":"0.5","weighted_severity":"8.8","risk_score":4.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r54j-ydjm-4uca"}