PT-2014-5694 · Digium · Asterisk

Publicado

2014-06-17

Atualizado

2018-10-09

CVE-2014-4046

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 11.x through 11.10.0 Asterisk Open Source versions 12.x through 12.3.0 Certified Asterisk versions 11.6 through 11.6-cert2

Description The issue allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

Recommendations For Asterisk Open Source versions 11.x through 11.10.0, update to version 11.10.1 or later. For Asterisk Open Source versions 12.x through 12.3.0, update to version 12.3.1 or later. For Certified Asterisk versions 11.6 through 11.6-cert2, update to version 11.6-cert3 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2014-4046

DLA-455-1

MGASA-2014-0300

Produtos afetados

Asterisk

PT-2014-5694 · Digium · Asterisk

CVE-2014-4046

Identificadores relacionados

Produtos afetados

Referências · 14