Search for vulnerabilities
Vulnerability details: VCID-yc5f-mge7-b7ea
Vulnerability ID VCID-yc5f-mge7-b7ea
Aliases CVE-2024-53566
Summary An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-53566
cvssv3.1 5.5 https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
ssvc Track https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
cvssv3.1 5.5 https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
ssvc Track https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-53566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566
https://lists.debian.org/debian-lts-announce/2025/02/msg00003.html
CVE-2024-53566 https://nvd.nist.gov/vuln/detail/CVE-2024-53566
e7c0f44ffb38c00320aa1a6d98bee616 https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
manager.c#L2556 https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/ Found at https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/ Found at https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
Exploit Prediction Scoring System (EPSS)
Percentile 0.00778
EPSS Score 0.0001
Published At Aug. 7, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:35:59.571426+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.20/main.json 37.0.0