Search for vulnerabilities
Vulnerability details: VCID-2sqb-p9p3-aaam
Vulnerability ID VCID-2sqb-p9p3-aaam
Aliases CVE-2024-42365
Summary asterisk: From NVD collector
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1220 Insufficient Granularity of Access Control
CWE-267 Privilege Defined With Unsafe Actions
System Score Found at
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42365.json
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.04136 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.04758 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.04758 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.04758 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.04758 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.04758 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.04898 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.04898 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.3338 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.3338 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.3338 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.3338 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.3338 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.33961 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.34356 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.35499 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
epss 0.469 https://api.first.org/data/v1/epss?cve=CVE-2024-42365
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-42365
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-42365
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42365.json
https://api.first.org/data/v1/epss?cve=CVE-2024-42365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365
https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
1078574 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574
2303740 https://bugzilla.redhat.com/show_bug.cgi?id=2303740
cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:21.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:asterisk:21.4.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert11:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert12:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert13:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert14:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert10:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert6:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert7:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:18.9:cert9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:18.9:cert9:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*
CVE-2024-42365 https://nvd.nist.gov/vuln/detail/CVE-2024-42365
Data source Metasploit
Description On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. Writing a new extension can be created which performs a system command to achieve RCE as the asterisk service user (typically asterisk). Default parking lot in FreePBX is called "Default lot" on the website interface, however its actually 'parkedcalls'. Tested against Asterisk 19.8.0 and 18.16.0 on Freepbx SNG7-PBX16-64bit-2302-1.
Note 
Stability:
  - crash-safe
SideEffects:
  - ioc-in-logs
  - config-changes
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date Aug. 8, 2024
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/misc/asterisk_ami_originate_auth_rce.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42365.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-42365
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-42365
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.59415
EPSS Score 0.00211
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-08-09T07:27:21.227539+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42365.json 34.0.0rc4