CVERadar

CVE-2024-42365

Severity: Medium
Product: Asterisk
SVRS: 30/100
CVSSv3: 8.8/10
EPSS: 0.3338/1

CVE-2024-42365 is a critical vulnerability in Asterisk, an open-source PBX and telephony toolkit, allowing an AMI user with write=originate privileges to modify configuration files. This vulnerability stems from the ability to use curl to fetch remote files and the FILE function to append to existing files within the /etc/asterisk/ directory. The risk includes potential privilege escalation, remote code execution, and blind server-side request forgery. While the CVSS score is 8.8 indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower level of immediate threat compared to vulnerabilities with SVRS scores above 80. Organizations using vulnerable Asterisk versions should upgrade to versions 18.24.2, 20.9.2, 21.4.2, 18.9-cert11, or 20.7-cert2 to mitigate this risk. Although the SVRS is relatively low, the potential impact is severe and warrants prompt attention to prevent exploitation. The ability to manipulate configuration files provides attackers with a significant foothold within the system.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-08-08
2024-09-16

SOCRadar AI Insight

Description

CVE-2024-42365 is a vulnerability in Asterisk, an open-source PBX and telephony toolkit. It allows an AMI user with write=originate to change all configuration files in the /etc/asterisk/ directory, leading to privilege escalation, remote code execution, or blind server-side request forgery with arbitrary protocol. The SVRS for this CVE is 34, indicating a moderate risk.

Key Insights

  • Privilege Escalation: The vulnerability allows an attacker to gain elevated privileges on the target system, potentially leading to complete control.
  • Remote Code Execution: An attacker can execute arbitrary code on the vulnerable system, allowing them to install malware, steal data, or disrupt operations.
  • Blind Server-Side Request Forgery: The vulnerability can be exploited to forge requests on behalf of the server, potentially leading to unauthorized actions or data breaches.

Mitigation Strategies

  • Update Asterisk: Upgrade to Asterisk versions 18.24.2, 20.9.2, or 21.4.2, or certified-asterisk versions 18.9-cert11 or 20.7-cert2, which contain a fix for this issue.
  • Restrict AMI Access: Limit access to the AMI interface to only authorized users and implement strong authentication mechanisms.
  • Monitor for Suspicious Activity: Monitor logs and network traffic for any suspicious activity that may indicate exploitation of this vulnerability.
  • Implement Intrusion Detection and Prevention Systems: Deploy intrusion detection and prevention systems to detect and block malicious activity targeting this vulnerability.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • In the Wild: The vulnerability is actively exploited by hackers.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Metasploit Weekly Wrap-Up 12/06/2024
Christophe De La Fuente, 2024-12-06
Post-Thanksgiving Big Release. This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover on Wordpress, a local privilege...
Source: rapid7.com

CVE-2024-42365 | Asterisk PBX Configuration File /etc/asterisk/ privilege defined with unsafe actions (Nessus ID 209341)
vuldb.com, 2024-12-03
A vulnerability, which was classified as critical, has been found in Asterisk PBX up to 18.9-cert10/18.24.1/20.9.1/20.7-cert1/21.4.1. Affected by this issue is some unknown functionality of the file /etc/asterisk/ of the component Configuration File Handler. The manipulation leads to privilege defined with unsafe actions. This vulnerability is handled as...
Source: vuldb.com

Social Media

CVE-2024-42365 (CVSS:7.4, HIGH) is Undergoing Analysis. Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.. https://t.co/5Cm5jeHDQ6 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

CVE-2024-42365 Privilege Escalation and RCE in Asterisk AMI Function Prior to 21.4.2. Asterisk is a free phone system tool and toolkit. Before versions 18.24.2, 20.9.2, and 21.4.2, and certified-asterisk versions ... https://t.co/v1y92jCWz0

CVE-2024-42365 Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions… https://t.co/ky8TUVaO8b

CVE-2024-42365 Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions… https://t.co/dG086AQIHT

Affected Software

Configuration 1
Type: App | Vendor: Asterisk | Product: asterisk

Configuration 2
Type: App | Vendor: Asterisk | Product: certified_asterisk

References

Reference | Link
GitHub advisory source | https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
GitHub advisory source | https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
GitHub advisory source | https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
GitHub advisory source | https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
GitHub advisory source | https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
GitHub advisory source | https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
GitHub advisory source | https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
GitHub advisory source | https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
GITHUB | https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44

CWE Details

CWE ID | CWE Name | Description
CWE-1220 | Insufficient Granularity of Access Control | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, the implemented access controls lack the required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
CWE-267 | Privilege Defined With Unsafe Actions | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
