CVE-2006-2020

Asterisk@Home <2.8 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2020. PoCs published by Francois Harvey.

AI-analyzed exploit summary The provided text describes an information disclosure vulnerability in Asterisk Recording Interface due to improper input sanitization. It allows attackers to retrieve arbitrary audio files or check for the existence of files on the system.

Description

Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Francois Harvey · textremotemultiple
https://www.exploit-db.com/exploits/27716

The provided text describes an information disclosure vulnerability in Asterisk Recording Interface due to improper input sanitization. It allows attackers to retrieve arbitrary audio files or check for the existence of files on the system.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Asterisk Recording Interface
No auth needed
Prerequisites: Access to the vulnerable web interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431655/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25993
Exploit, Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/24805
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17641
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1457
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19744

Scores

EPSS 0.0801
EPSS Percentile 94.1%

Details

Status published
Products (1)
asteriskathome/asteriskathome < 2.6
Published Apr 25, 2006
Tracked Since Feb 18, 2026