CVE-2024-42365

7.4 HIGH

📋 TL;DR

This vulnerability allows authenticated Asterisk Manager Interface (AMI) users with the 'write=originate' permission to modify configuration files in the /etc/asterisk/ directory. An attacker with such an account can write to or append to files via the FILE function in the SET application, potentially leading to privilege escalation or remote code execution. It affects Asterisk PBX systems running vulnerable versions where an AMI user holds this permission.

💻 Affected Systems

Products:
  • Asterisk
  • Certified Asterisk
Versions: Asterisk versions prior to 18.24.2, 20.9.2, and 21.4.2; Certified Asterisk versions prior to 18.9-cert11 and 20.7-cert2
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ✅ No
Notes: Requires AMI user with 'write=originate' permission enabled in manager.conf. Default configurations may not have this permission granted.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution leading to complete control of the Asterisk server, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Privilege escalation allowing attackers to modify Asterisk configuration to enable unauthorized call routing, eavesdropping, or further system exploitation.

🟢

If Mitigated

Limited impact if proper access controls restrict AMI users and network exposure, though configuration file corruption could still cause service disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated AMI access with specific permissions. The vulnerability is in the SET application's FILE function handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Asterisk 18.24.2, 20.9.2, 21.4.2; Certified Asterisk 18.9-cert11, 20.7-cert2

Vendor Advisory: https://github.com/asterisk/asterisk/security/advisories

Restart Required: Yes

Instructions:

  1. Back up the current configuration and data.
  2. Update Asterisk to a patched version using the package manager or by compiling from source.
  3. Restart the Asterisk service.
  4. Verify the version and test functionality.

🔧 Temporary Workarounds

Restrict AMI User Permissions (Linux)

Remove the 'write=originate' permission from AMI users who do not require it in manager.conf.

Edit /etc/asterisk/manager.conf and modify or remove 'write = originate' from the affected user definitions.

Network Access Control (Linux)

Restrict access to the AMI interface to trusted IP addresses only.

Edit /etc/asterisk/manager.conf and add 'permit=' lines with the specific IP addresses or networks that need AMI access.
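The two workarounds above combined into one manager.conf user definition, shown as the weak form beside the hardened form. This is a constructed example added here, not configuration taken from the advisory or from Asterisk; the user name, secret placeholder and 10.0.0.0/24 management network are assumptions.

```ini
; --- BEFORE (weak, constructed example): integration user that can originate
; calls from any source address, which is the precondition for CVE-2024-42365.
[dialer]
secret = <placeholder-secret>
read = call
write = originate,call

; --- AFTER (hardened, constructed example):
; 1. 'originate' dropped from the write classes (workaround 1);
; 2. AMI logins for this user limited to the management network (workaround 2).
[dialer]
secret = <placeholder-secret>
deny = 0.0.0.0/0.0.0.0
permit = 10.0.0.0/255.255.255.0
read = call
write = call
```

If the integration genuinely needs 'originate', keep it but apply the deny/permit pair and upgrade to a patched version; the network restriction alone does not remove the vulnerability for an attacker who already holds valid credentials from a permitted address. Reload the manager module (or restart Asterisk) after editing for the change to take effect.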

🧯 If You Can't Patch

  • Remove 'write=originate' permission from all AMI users in manager.conf file
  • Implement network segmentation to isolate Asterisk server and restrict AMI access to management network only

🔍 How to Verify

Check if Vulnerable:

Check Asterisk version and compare with affected versions. Review manager.conf for users with 'write=originate' permission.

Check Version:

asterisk -V

Verify Fix Applied:

Verify Asterisk version is patched and test that FILE function in SET application no longer allows file writes to /etc/asterisk/
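A script that automates the two checks above: it parses manager.conf to list AMI users that hold 'originate' (directly or through 'write = all') and compares the output of `asterisk -V` against the patched versions listed in this advisory. This is an added example, not code from the advisory or from the Asterisk project. It assumes manager.conf uses Asterisk's INI-style layout of [section] headers with `key = value` lines where every section other than [general] is an AMI user, and that `asterisk -V` prints either "Asterisk 18.24.1" or "Asterisk certified/18.9-cert10"; the sample configuration embedded below is constructed.

```python
"""Audit helper for CVE-2024-42365 (added example, not Asterisk project code)."""
import re

# Minimum patched versions from the advisory, keyed by major branch.
PATCHED = {18: (18, 24, 2), 20: (20, 9, 2), 21: (21, 4, 2)}
PATCHED_CERT = {18: (18, 9, 11), 20: (20, 7, 2)}

# Constructed sample manager.conf with one read-only user and two users
# that can originate (one explicitly, one via 'write = all').
SAMPLE_MANAGER_CONF = """\
[general]
enabled = yes
bindaddr = 127.0.0.1

[monitor]   ; read-only dashboard user
secret = <placeholder>
read = system,call,log
write =

[dialer]    ; click-to-dial integration
secret = <placeholder>
permit = 10.0.0.0/255.255.255.0
read = call
write = originate,call

[admin]
secret = <placeholder>
write = all
"""

KEY_RE = re.compile(r"^(\w+)\s*=>?\s*(.*)$")   # accepts 'key = v' and 'key => v'


def parse_manager_conf(text):
    """Return {section: {key: [values...]}}; repeated keys (permit/deny) are kept."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments and whitespace
        if not line:
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        kv = KEY_RE.match(line)
        if current is None or not kv:
            continue
        key, value = kv.group(1).lower(), kv.group(2).strip()
        sections[current].setdefault(key, []).append(value)
    return sections


def users_with_originate(sections):
    """AMI users whose write classes include 'originate' or the catch-all 'all'."""
    flagged = []
    for name, keys in sections.items():
        if name == "general":
            continue
        perms = set()
        for value in keys.get("write", []):
            perms.update(p.strip().lower() for p in value.split(",") if p.strip())
        if "originate" in perms or "all" in perms:
            flagged.append(name)
    return sorted(flagged)


def is_vulnerable_version(version_output):
    """True/False against the advisory's fix versions; None if the branch is not listed."""
    m = re.search(r"certified/(\d+)\.(\d+)-cert(\d+)", version_output)
    if m:
        major, minor, cert = (int(x) for x in m.groups())
        fixed = PATCHED_CERT.get(major)
        return None if fixed is None else (major, minor, cert) < fixed
    m = re.search(r"Asterisk (\d+)\.(\d+)\.(\d+)", version_output)
    if m:
        major, minor, patch = (int(x) for x in m.groups())
        fixed = PATCHED.get(major)
        return None if fixed is None else (major, minor, patch) < fixed
    return None   # unrecognised output: cannot decide


def audit(conf_text, version_output):
    """Combine both checks; exposed == vulnerable build AND at least one originate user."""
    users = users_with_originate(parse_manager_conf(conf_text))
    vulnerable = is_vulnerable_version(version_output)
    return {
        "vulnerable_version": vulnerable,
        "originate_users": users,
        "exposed": bool(vulnerable) and bool(users),
    }


if __name__ == "__main__":
    import subprocess
    try:   # on a real host read the live files; fall back to the constructed sample
        conf = open("/etc/asterisk/manager.conf").read()
        ver = subprocess.run(["asterisk", "-V"], capture_output=True, text=True).stdout
    except (OSError, FileNotFoundError):
        conf, ver = SAMPLE_MANAGER_CONF, "Asterisk 18.24.1"
    print(audit(conf, ver))
```

Run it as root on the PBX host; with the constructed sample it reports `dialer` and `admin` as originate-capable and an 18.24.1 build as vulnerable. A result of `None` for the version means the branch is not one the advisory lists (for example an end-of-life 16.x), which should be treated as unsupported rather than safe.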

📡 Detection & Monitoring

Log Indicators:

  • Unusual AMI authentication attempts
  • SET application calls with FILE function targeting /etc/asterisk/
  • Configuration file modification timestamps

Network Indicators:

  • AMI traffic from unexpected sources
  • Unusual patterns in AMI command sequences

SIEM Query:

source="asterisk.log" AND ("SET" AND "FILE" AND "/etc/asterisk/")
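The log and SIEM indicators above, implemented as a small detector that can be run over the Asterisk full log. It tightens the SIEM query by requiring the FILE() reference to appear inside a Set() application argument rather than anywhere on the line, and it counts AMI authentication failures per source address. This is an added example, not code from the advisory or from Asterisk. It assumes the full-log layout "[timestamp] LEVEL[pid][callid] file.c: message", dialplan execution logged as `Executing [...] Set("channel", "args") in new stack`, and AMI authentication messages emitted by manager.c; the sample lines are constructed.

```python
"""Detection helper for the CVE-2024-42365 log indicators (added example, not Asterisk code)."""
import re
from collections import Counter

# Matches a Set() whose argument writes through FILE() into the config directory.
SET_FILE_RE = re.compile(
    r'Set\("(?P<channel>[^"]*)",\s*"FILE\(\s*(?P<path>/etc/asterisk/[^,)]*)'
)
TIMESTAMP_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]")
AUTH_FAIL_RE = re.compile(
    r"manager\.c: (?P<ip>\d+\.\d+\.\d+\.\d+) (?:failed to authenticate|tried to authenticate)"
)
LOGIN_RE = re.compile(r"Manager '(?P<user>[^']+)' logged on from (?P<ip>\d+\.\d+\.\d+\.\d+)")

# Constructed sample log: three failed AMI logins, one success, one benign Set(),
# one Set() writing into /etc/asterisk/, one Set() writing elsewhere.
SAMPLE_LOG = """\
[2024-08-01 10:00:01] NOTICE[1200] manager.c: 10.0.0.5 failed to authenticate as 'dialer'
[2024-08-01 10:00:02] NOTICE[1200] manager.c: 10.0.0.5 failed to authenticate as 'dialer'
[2024-08-01 10:00:03] NOTICE[1200] manager.c: 10.0.0.5 failed to authenticate as 'dialer'
[2024-08-01 10:00:04] VERBOSE[1200] manager.c: Manager 'dialer' logged on from 10.0.0.5
[2024-08-01 10:00:05] VERBOSE[1201][C-00000001] pbx.c: Executing [s@default:1] Set("Local/s@default-00000001;2", "CALLERID(name)=Sales") in new stack
[2024-08-01 10:00:06] VERBOSE[1202][C-00000002] pbx.c: Executing [s@default:1] Set("Local/s@default-00000002;2", "FILE(/etc/asterisk/extensions.conf)=constructed-payload") in new stack
[2024-08-01 10:00:07] VERBOSE[1203][C-00000003] pbx.c: Executing [s@default:1] Set("Local/s@default-00000003;2", "FILE(/var/spool/asterisk/tmp/note.txt)=ok") in new stack
"""


def find_config_writes(log_text):
    """Return [(timestamp, channel, path)] for Set(FILE(...)) writes under /etc/asterisk/."""
    hits = []
    for line in log_text.splitlines():
        m = SET_FILE_RE.search(line)
        if not m:
            continue
        ts = TIMESTAMP_RE.match(line)
        hits.append((ts.group("ts") if ts else "", m.group("channel"), m.group("path")))
    return hits


def auth_failures_by_source(log_text, threshold=3):
    """Return {ip: count} for source addresses with at least `threshold` AMI auth failures."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AUTH_FAIL_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def ami_logins(log_text):
    """Return [(user, ip)] for successful AMI logins, for comparison against permit= lists."""
    return [(m.group("user"), m.group("ip"))
            for line in log_text.splitlines()
            if (m := LOGIN_RE.search(line))]


if __name__ == "__main__":
    print("config writes:", find_config_writes(SAMPLE_LOG))
    print("auth failures:", auth_failures_by_source(SAMPLE_LOG))
    print("logins:", ami_logins(SAMPLE_LOG))
```

Any hit from find_config_writes() deserves an alert on its own: normal dialplans have no reason to write into /etc/asterisk/ at call time. The login list is most useful when joined against the permit= entries in manager.conf and against the configuration file mtimes mentioned under Log Indicators, so that a successful login from an unexpected address followed by a config change can be tied to one session.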
