Asterisk Insecure Permissions Vulnerability Allowing Remote Code Execution in Version 22

Vulnerability

An insecure permissions vulnerability has been identified in Asterisk version 22. This vulnerability allows remote attackers to execute arbitrary code by exploiting the action_createconfig function. The issue arises from unrestricted permissions that enable the creation of configuration files, which can lead to excessive consumption of system resources.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the affected system. Additionally, the vulnerability allows for unrestricted creation of configuration files, which could exhaust disk space and deplete system resources.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 10.0
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.