ID

VAR-202602-0626


CVE

CVE-2026-23740


TITLE

Vulnerability related to uncontrolled search path elements in multiple Sangoma products, including Asterisk

Trust: 0.8

sources: JVNDB: JVNDB-2026-003103

DESCRIPTION

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission to that directory (which is all users on a Linux system) can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2026-23740 // JVNDB: JVNDB-2026-003103

AFFECTED PRODUCTS

vendor: sangoma, model: certified asterisk, scope: eq, version: 16.8.0

Trust: 1.0

vendor: sangoma, model: asterisk, scope: lt, version: 21.12.1

Trust: 1.0

vendor: sangoma, model: asterisk, scope: lt, version: 20.18.2

Trust: 1.0

vendor: sangoma, model: asterisk, scope: gte, version: 23.0.0

Trust: 1.0

vendor: sangoma, model: asterisk, scope: gte, version: 21.0.0

Trust: 1.0

vendor: sangoma, model: asterisk, scope: gte, version: 22.0.0

Trust: 1.0

vendor: sangoma, model: certified asterisk, scope: eq, version: 18.9

Trust: 1.0

vendor: sangoma, model: asterisk, scope: lt, version: 22.8.2

Trust: 1.0

vendor: sangoma, model: asterisk, scope: lt, version: 23.2.2

Trust: 1.0

vendor: sangoma, model: certified asterisk, scope: eq, version: 13.13.0

Trust: 1.0

vendor: sangoma, model: certified asterisk, scope: eq, version: 20.7

Trust: 1.0

vendor: sangoma, model: certified asterisk, scope: eq, version: 16.8

Trust: 1.0

vendor: sangoma, model: asterisk, scope: -, version: -

Trust: 0.8

vendor: sangoma, model: certified asterisk, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-003103 // NVD: CVE-2026-23740

CVSS

SEVERITY

CVSSV2

CVSSV3

security-advisories@github.com: CVE-2026-23740
value: NONE

Trust: 1.0

nvd@nist.gov: CVE-2026-23740
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-23740
value: HIGH

Trust: 1.0

NVD: CVE-2026-23740
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2026-23740
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

security-advisories@github.com: CVE-2026-23740
baseSeverity: NONE
baseScore: 0.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 0.0
version: 3.1

Trust: 1.0

NVD: CVE-2026-23740
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003103 // NVD: CVE-2026-23740 // NVD: CVE-2026-23740 // NVD: CVE-2026-23740

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.0

problemtype:Uncontrolled search path elements (CWE-427) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003103 // NVD: CVE-2026-23740

PATCH

title: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation (Advisory, asterisk/asterisk, GitHub)
url: https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c

Trust: 0.8

sources: JVNDB: JVNDB-2026-003103

EXTERNAL IDS

db: NVD, id: CVE-2026-23740

Trust: 2.6

db: JVNDB, id: JVNDB-2026-003103

Trust: 0.8

sources: JVNDB: JVNDB-2026-003103 // NVD: CVE-2026-23740

REFERENCES

url:https://github.com/asterisk/asterisk/security/advisories/ghsa-xpc6-x892-v83c

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-23740

Trust: 0.8

sources: JVNDB: JVNDB-2026-003103 // NVD: CVE-2026-23740

SOURCES

db: JVNDB, id: JVNDB-2026-003103
db: NVD, id: CVE-2026-23740

LAST UPDATE DATE

2026-02-12T23:50:17.784000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-003103, date: 2026-02-12T07:25:00
db: NVD, id: CVE-2026-23740, date: 2026-02-10T18:25:39.730

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-003103, date: 2026-02-12T00:00:00
db: NVD, id: CVE-2026-23740, date: 2026-02-06T17:16:26.290