@hyp164D1
Created November 30, 2024 02:58
CVE-2024-53566
[CVE ID]
CVE-2024-53566
[Description]
An issue in the action_listcategories() function of Sangoma Asterisk
v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to
perform a path traversal.
------------------------------------------
[Additional Information]
This may lead to serious leakage of configuration information.
Python:
# Request file data
cfg = ami_msg('ListCategories', {'Filename': '../../../../../../../../' + args.file})
resp = tcp_send_rcv(sock, cfg)
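The request above carries the traversal sequence in the Filename header of an AMI action. The following is an added detection example, not code from the original gist or from the Asterisk project: it parses a captured AMI stream and flags any action whose Filename resolves outside the configuration directory (it checks every action with a Filename header, not only ListCategories). The directory /etc/asterisk, the function names and the sample capture are assumptions made for illustration.

```python
import posixpath

CONFIG_DIR = "/etc/asterisk"  # assumption: default Asterisk configuration directory

def parse_ami_messages(raw: str):
    """Split a captured AMI stream into dicts of lower-cased header -> value."""
    messages = []
    for block in raw.replace("\r\n", "\n").split("\n\n"):
        headers = {}
        for line in block.split("\n"):
            key, sep, value = line.partition(":")
            if sep:
                headers[key.strip().lower()] = value.strip()
        if headers:
            messages.append(headers)
    return messages

def escapes_config_dir(filename: str, config_dir: str = CONFIG_DIR) -> bool:
    """True if filename, resolved relative to config_dir, lands outside it."""
    if "\x00" in filename:
        return True
    # join() drops config_dir when filename is absolute, so that case is covered too
    resolved = posixpath.normpath(posixpath.join(config_dir, filename))
    root = posixpath.normpath(config_dir)
    return resolved != root and not resolved.startswith(root + "/")

def audit(raw: str, config_dir: str = CONFIG_DIR):
    """Return (action, filename) for each AMI action whose Filename leaves config_dir."""
    findings = []
    for msg in parse_ami_messages(raw):
        name = msg.get("filename")
        if "action" in msg and name is not None and escapes_config_dir(name, config_dir):
            findings.append((msg["action"], name))
    return findings

# Constructed sample capture (not taken from the original page)
SAMPLE = (
    "Action: Login\r\nUsername: monitor\r\nSecret: redacted\r\n\r\n"
    "Action: ListCategories\r\nFilename: manager.conf\r\n\r\n"
    "Action: ListCategories\r\nFilename: ../../../../../../../../tmp/constructed.txt\r\n\r\n"
    "Action: ListCategories\r\nFilename: sub/../sip.conf\r\n\r\n"
)

if __name__ == "__main__":
    for action, name in audit(SAMPLE):
        print(f"traversal attempt: action={action} filename={name!r}")
```

The check is lexical only: it does not resolve symbolic links, so it suits log and traffic review rather than serving as a server-side fix.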
------------------------------------------
[Vulnerability Type]
Directory Traversal
------------------------------------------
[Vendor of Product]
Sangoma Asterisk
------------------------------------------
[Affected Product Code Base]
Sangoma Asterisk - asterisk 22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1
------------------------------------------
[Affected Component]
https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
manager.conf, action_listcategories()
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An attacker who is logged in to the Asterisk Manager Interface (AMI) can use a script to exploit the path traversal vulnerability and obtain information related to configuration files.
------------------------------------------
[Reference]
https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556