Alan Frisch

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.15.0 Asterisk Open Source version 10.x through 10.7.0 Certified Asterisk versions 1.8.11 through 1.8.11-cert6 Asterisk Digiumphones versions 10.x.x-digiumphones through 10.7.0-digiumphones Asterisk Business Edition C.3.x through C.3.7.5 **Description** The issue allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of peer credentials, due to the lack of ACL rule enforcement during certain uses of these credentials. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.15.0, update to version 1.8.15.1 or later. For Asterisk Open Source version 10.x through 10.7.0, update to version 10.7.1 or later. For Certified Asterisk versions 1.8.11 through 1.8.11-cert6, update to version 1.8.11-cert7 or later. For Asterisk Digiumphones versions 10.x.x-digiumphones through 10.7.0-digiumphones, update to version 10.7.1-digiumphones or later. For Asterisk Business Edition C.3.x through C.3.7.5, update to version C.3.7.6 or later.