CVE-2014-8418

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.8.x through 1.8.31 Asterisk Open Source versions 11.x through 11.1.4 Asterisk Open Source versions 12.x through 12.7.0 Asterisk Open Source versions 13.x through 13.0.0 Certified Asterisk versions 1.8.x through 1.8.27-cert7 Certified Asterisk versions 11.6.x through 11.6-cert7

Description The issue allows remote authenticated users to gain privileges via a call from an external protocol. This can be demonstrated by the AMI protocol.

Recommendations For Asterisk Open Source versions 1.8.x through 1.8.31, update to version 1.8.32 or later. For Asterisk Open Source versions 11.x through 11.1.4, update to version 11.1.4.1 or later. For Asterisk Open Source versions 12.x through 12.7.0, update to version 12.7.1 or later. For Asterisk Open Source versions 13.x through 13.0.0, update to version 13.0.1 or later. For Certified Asterisk versions 1.8.x through 1.8.27-cert7, update to version 1.8.28-cert8 or later. For Certified Asterisk versions 11.6.x through 11.6-cert7, update to version 11.6-cert8 or later.