@hyp164D1
hyp164D1 / CVE-2024-57520.txt
Last active February 13, 2025 18:11
CVE-2024-57520.txt
[Suggested description]
An Insecure Permissions vulnerability in Asterisk v22 allows a remote
attacker to execute arbitrary code via the action_createconfig function.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
hyp164D1 / CVE-2024-53566.txt
Created November 30, 2024 02:58
CVE-2024-53566
[CVE ID]
CVE-2024-53566
[Description]
An issue in the action_listcategories() function of Sangoma Asterisk
v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to
execute a path traversal.
------------------------------------------
hyp164D1 / Duplicate of CVE-2024-53564.txt
Created November 30, 2024 02:53
Duplicate of CVE-2024-53564
[Description]
A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX
does not verify the type of uploaded files and does not restrict user
access paths, allowing attackers to remotely control the FreePBX server
by uploading files with malicious content and accessing the
default directory where the files are uploaded. This will result in
particularly serious consequences.
hyp164D1 / CVE-2024-53564.txt
Created November 30, 2024 02:50
CVE-2024-53564
[CVE ID]
CVE-2024-53564
[Description]
An authenticated arbitrary file upload vulnerability in the component
/module_admin/upload.php of FreePBX v17.0.19.17 allows attackers to
execute arbitrary code via uploading a crafted file.
------------------------------------------