CVE-2014-8417

Name of the Vulnerable Software and Affected Versions Asterisk versions 11.x through 11.14.0 Asterisk versions 12.x through 12.7.0 Asterisk versions 13.x through 13.0.0 Certified Asterisk versions 11.6 through 11.6-cert7

Description The issue allows remote authenticated users to gain privileges or execute arbitrary system commands. This can be achieved via vectors related to an external protocol to the CONFBRIDGE dialplan function or through a crafted ConfbridgeStartRecord AMI action.

Recommendations For Asterisk versions 11.x through 11.14.0, update to version 11.14.1 or later. For Asterisk versions 12.x through 12.7.0, update to version 12.7.1 or later. For Asterisk versions 13.x through 13.0.0, update to version 13.0.1 or later. For Certified Asterisk versions 11.6 through 11.6-cert7, update to version 11.6-cert8 or later.