CVE-2024-42365 | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan

Exp

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.

Published: 2024-08-08 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2024-42365 is rated High Exploit Risk (71.3/100): CVSS High severity, with high exploitation likelihood (EPSS 4.67%, 91th percentile). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2024-42365

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2024-42365

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 31.95% 4.67% -27.29%
2 2026-03-16 34.24% 31.95% -2.29%
3 2026-01-16 34.24%

Full EPSS history (23 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-42365

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.4 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:L)
Might cause slowdowns, glitches, or partial disruption—not a full brick.
3.1 3.7 [email protected]
8.8 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
2.8 5.9 [email protected]

Weakness enumeration for CVE-2024-42365

OS Trackers for CVE-2024-42365

vendor priority summary link
alpine CVE-2024-42365: 1 source package rows (asterisk); 82 state rows across 7 repos (3.17-main, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 7, open 75. https://security.alpinelinux.org/vuln/CVE-2024-42365
debian not yet assigned CVE-2024-42365 not yet assigned priority: Debian including 1 source packages (asterisk), 2 status rows across 2 suites (bullseye, sid): resolved 2. https://security-tracker.debian.org/tracker/CVE-2024-42365
ubuntu medium CVE-2024-42365 medium priority: Ubuntu including 1 source packages (asterisk), 9 status rows across 9 suites (bionic, focal, jammy, noble, oracular, plucky, questing, upstream, xenial): needs-triage 7, ignored 2. https://ubuntu.com/security/CVE-2024-42365

Affected software / configurations for CVE-2024-42365

Vendor Product Version Raw CPE
asterisk asterisk < 18.24.2 cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
asterisk asterisk >= 19.0.0, < 20.9.1 cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
asterisk asterisk 21.4.0 cpe:2.3:a:asterisk:asterisk:21.4.0:*:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
asterisk certified_asterisk 13.13.0 cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert10:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert11:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert12:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert13:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert14:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
asterisk certified_asterisk 16.8 cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
asterisk certified_asterisk 16.8.0 cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert10:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert2:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert3:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert4:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert5:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert6:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert7:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*
asterisk certified_asterisk 18.9 cpe:2.3:a:asterisk:certified_asterisk:18.9:cert9:*:*:*:*:*:*
asterisk certified_asterisk 20.7 cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1:*:*:*:*:*:*
asterisk certified_asterisk 20.7 cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*
asterisk certified_asterisk 20.7 cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*

References for CVE-2024-42365

URL Tags
https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426 Issue Tracking
https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426 Issue Tracking
https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 Patch
https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8 Patch
https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71 Patch
https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993 Patch
https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2 Patch
https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44 Exploit Technical Description Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html
cvelogic Threat Intelligence