ID

VAR-202602-1571


CVE

CVE-2026-23741


TITLE

Uncontrolled search path element vulnerability in multiple products, including Sangoma Asterisk

Trust: 0.8

sources: JVNDB: JVNDB-2026-004115

DESCRIPTION

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper script runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script sources the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Because /etc/asterisk/ast_debug_tools.conf follows bash semantics and is sourced, an attacker with write permissions may add or modify the file so that, when ast_coredumper is run as root, it sources and thereby executes arbitrary bash code found in /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. In versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, asterisk/contrib/scripts/ast_coredumper is executed with root privileges. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2026-23741 // JVNDB: JVNDB-2026-004115

AFFECTED PRODUCTS

vendor: sangoma, model: asterisk, scope: lt, version: 23.2.2

Trust: 1.0

vendor: sangoma, model: certified asterisk, scope: lte, version: 18.9

Trust: 1.0

vendor: sangoma, model: asterisk, scope: lt, version: 21.12.1

Trust: 1.0

vendor: sangoma, model: asterisk, scope: gte, version: 21.0.0

Trust: 1.0

vendor: sangoma, model: asterisk, scope: lt, version: 20.18.2

Trust: 1.0

vendor: sangoma, model: asterisk, scope: gte, version: 23.0.0

Trust: 1.0

vendor: sangoma, model: asterisk, scope: lt, version: 22.8.2

Trust: 1.0

vendor: sangoma, model: certified asterisk, scope: eq, version: 20.7

Trust: 1.0

vendor: sangoma, model: asterisk, scope: gte, version: 22.0.0

Trust: 1.0

vendor: sangoma, model: certified asterisk, scope: -, version: -

Trust: 0.8

vendor: sangoma, model: asterisk, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004115 // NVD: CVE-2026-23741

CVSS

SEVERITY

security-advisories@github.com: CVE-2026-23741
value: NONE

Trust: 1.0

nvd@nist.gov: CVE-2026-23741
value: HIGH

Trust: 1.0

NVD: CVE-2026-23741
value: HIGH

Trust: 0.8

CVSSV2

CVSSV3

security-advisories@github.com: CVE-2026-23741
baseSeverity: NONE
baseScore: 0.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 0.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-23741
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2026-23741
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004115 // NVD: CVE-2026-23741 // NVD: CVE-2026-23741

PROBLEMTYPE DATA

problemtype: CWE-427

Trust: 1.0

problemtype: Uncontrolled search path elements (CWE-427) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004115 // NVD: CVE-2026-23741

PATCH

title: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation · Advisory · asterisk/asterisk · GitHub
url: https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3

Trust: 0.8

sources: JVNDB: JVNDB-2026-004115

EXTERNAL IDS

db: NVD, id: CVE-2026-23741

Trust: 2.6

db: JVNDB, id: JVNDB-2026-004115

Trust: 0.8

sources: JVNDB: JVNDB-2026-004115 // NVD: CVE-2026-23741

REFERENCES

url: https://github.com/asterisk/asterisk/security/advisories/ghsa-rvch-3jmx-3jf3

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-23741

Trust: 0.8

sources: JVNDB: JVNDB-2026-004115 // NVD: CVE-2026-23741

SOURCES

db: JVNDB, id: JVNDB-2026-004115
db: NVD, id: CVE-2026-23741

LAST UPDATE DATE

2026-02-21T23:20:21.424000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-004115, date: 2026-02-20T02:20:00
db: NVD, id: CVE-2026-23741, date: 2026-02-18T18:42:31.550

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-004115, date: 2026-02-20T00:00:00
db: NVD, id: CVE-2026-23741, date: 2026-02-06T17:16:26.427