CVE-2024-53566
📋 TL;DR
A path traversal vulnerability in the action_listcategories() function of Asterisk allows attackers to access files outside the intended directory. This affects Asterisk versions 22.0.0 through 22.0.0-rc2 when the Manager interface is enabled. Attackers could potentially read sensitive configuration files or system information.
💻 Affected Systems
- Sangoma Asterisk
📦 What is this software?
Asterisk by Sangoma
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files, configuration files with credentials, or other protected data, potentially leading to further system compromise.
Likely Case
Unauthorized reading of Asterisk configuration files, potentially exposing passwords, API keys, or other sensitive configuration data.
If Mitigated
Limited impact if proper network segmentation and access controls prevent unauthorized access to the Manager interface.
🎯 Exploit Status
Exploitation requires access to the Asterisk Manager Interface (AMI). The vulnerability is in the action_listcategories() function, which handles file path validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 22.0.1 or later
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/02/msg00003.html
Restart Required: Yes
Instructions:
1. Update Asterisk to version 22.0.1 or later.
2. Restart the Asterisk service.
3. Verify the patch is applied by checking the version.
🔧 Temporary Workarounds
Disable Manager Interface
Disable the Asterisk Manager Interface if not required for operations.
Edit /etc/asterisk/manager.conf and comment out or remove the [general] section or set enabled = no
Restart Asterisk: systemctl restart asterisk
Restrict Manager Interface Access
Configure firewall rules to restrict access to the Manager Interface port (default 5038).
iptables -A INPUT -p tcp --dport 5038 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 5038 -j DROP
🧯 If You Can't Patch
- Disable the Asterisk Manager Interface entirely if not needed.
- Implement strict network access controls to limit Manager Interface access to trusted IP addresses only.
🔍 How to Verify
Check if Vulnerable:
Check the Asterisk version with 'asterisk -V' and verify whether it is 22.0.0, 22.0.0-rc1, 22.0.0-rc2, or 22.0.0-pre1. Also check whether manager.conf has enabled = yes.
Check Version:
asterisk -V
Verify Fix Applied:
Verify Asterisk version is 22.0.1 or later with 'asterisk -V'. Test Manager Interface functionality to ensure it still works properly.
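The two checks above (affected version string and enabled = yes in manager.conf) as one added shell script; this is example code, not part of the advisory or the Asterisk project. It assumes 'asterisk -V' prints a line beginning with "Asterisk <version>" and uses a constructed manager.conf sample so it runs offline.

```shell
#!/bin/sh
# Added example: classify an `asterisk -V` output line and a manager.conf
# file against the two conditions this advisory lists for CVE-2024-53566.

# Versions the advisory lists as affected (fixed in 22.0.1 or later).
AFFECTED_VERSIONS="22.0.0 22.0.0-rc1 22.0.0-rc2 22.0.0-pre1"

# version_affected "<asterisk -V output>": 0 if the version string is one of
# the affected versions, 1 otherwise.
version_affected() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^Asterisk \([^ ]*\).*/\1/p')
    for v in $AFFECTED_VERSIONS; do
        [ "$ver" = "$v" ] && return 0
    done
    return 1
}

# manager_enabled <manager.conf>: 0 if the [general] section sets
# enabled = yes (comment lines starting with ; or # are ignored), 1 otherwise.
manager_enabled() {
    awk '
        /^[[:space:]]*[;#]/ { next }
        /^[[:space:]]*\[/   { in_general = ($0 ~ /^[[:space:]]*\[general\]/); next }
        in_general && $0 ~ /^[[:space:]]*enabled[[:space:]]*=[[:space:]]*yes([[:space:]]|;|$)/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# cve_2024_53566_exposed "<asterisk -V output>" <manager.conf>: 0 only when
# both advisory conditions hold (affected version AND AMI enabled).
cve_2024_53566_exposed() {
    version_affected "$1" && manager_enabled "$2"
}

# Constructed sample config: affected layout with AMI enabled.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[general]
enabled = yes
port = 5038
bindaddr = 127.0.0.1
;enabled = no   ; commented out, must be ignored
EOF

if cve_2024_53566_exposed "Asterisk 22.0.0" "$SAMPLE_CONF"; then
    echo "sample: affected version with AMI enabled -> exposed"
fi
# On a real host: cve_2024_53566_exposed "$(asterisk -V)" /etc/asterisk/manager.conf
```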
📡 Detection & Monitoring
Log Indicators:
- Unusual Manager Interface access attempts
- Failed authentication attempts to Manager Interface
- Access to unexpected file paths in logs
Network Indicators:
- Unusual traffic to port 5038 (default Manager Interface port)
- Traffic patterns indicating path traversal attempts
SIEM Query:
source="asterisk.log" AND ("Manager" OR "action_listcategories" OR "path traversal")