Asterisk Privilege Escalation Vulnerability via ast_coredumper Script

Vulnerability

A vulnerability exists in Asterisk versions through 23.2.1, 22.8.1, 21.12.0, 20.18.1, and 20.7-cert8, where the ast_coredumper script runs with root privileges. The script sources the /etc/asterisk/ast_debug_tools.conf file, which can be modified by users with write access to the Asterisk directory. This allows an attacker to inject arbitrary bash code that is executed as root when the script is run. The issue has been patched in Asterisk versions 23.2.2, 22.8.2, 21.12.1, 20.18.2, and 20.7-cert9.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to execute arbitrary code with root privileges.

Remediation

Users can upgrade to Asterisk versions 23.2.2, 22.8.2, 21.12.1, 20.18.2, or 20.7-cert9 to address this vulnerability.
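
A defender-side check for the condition described under Vulnerability, as an added example that is not part of the original advisory or of Asterisk: it reports whether a file sourced by a root-run script, or the directory holding it, can be changed by an account other than the trusted owner. The function names are hypothetical and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example (not Asterisk code). Function names are hypothetical;
# GNU coreutils `stat -c` is assumed.

# check_path PATH TRUSTED_UID
# Returns 1 and prints why when PATH is owned by a uid other than
# TRUSTED_UID or is writable by group or other. Returns 2 if stat fails.
check_path() (
    path=$1 trusted=$2
    info=$(stat -c '%u %a' -- "$path") || exit 2
    set -- $info
    uid=$1 mode=$2
    rc=0
    if [ "$uid" != "$trusted" ]; then
        echo "FINDING: $path is owned by uid $uid, expected $trusted"; rc=1
    fi
    # Octal mask 022 selects the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FINDING: $path (mode $mode) is group- or world-writable"; rc=1
    fi
    exit $rc
)

# audit_sourced_conf FILE [TRUSTED_UID]   (TRUSTED_UID defaults to 0, root)
# Checks FILE and its directory: write access to the directory is enough
# to replace or create the file that the root-run script will source.
audit_sourced_conf() (
    conf=$1 trusted=${2:-0}
    rc=0
    if [ -L "$conf" ]; then
        echo "FINDING: $conf is a symlink; audit its target separately"; rc=1
    elif [ -e "$conf" ]; then
        check_path "$conf" "$trusted" || rc=1
    else
        echo "NOTE: $conf does not exist; checking its directory only"
    fi
    check_path "$(dirname -- "$conf")" "$trusted" || rc=1
    exit $rc
)

# Usage: sh audit.sh /etc/asterisk/ast_debug_tools.conf
if [ $# -gt 0 ]; then
    audit_sourced_conf "$@"
fi
```

A non-zero exit status means at least one finding was printed; a clean result covers only the file and its immediate directory, not the ancestors above it.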

Added: Feb 6, 2026, 5:23 PM
Updated: Feb 7, 2026, 12:04 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 3.1
exploitability: 2.6
remediation: 7.7
relevance: 2.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.