PT-2019-15535 · Sangoma · Asterisk

Eliel Sardañons

·

Published

2019-11-22

·

Updated

2022-06-03

·

CVE-2019-18610

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Sangoma Asterisk 13.x through 17.x; Certified Asterisk 13.21 through 13.21-cert4
Description

The Asterisk Manager Interface (AMI) implementation in manager.c did not fully enforce the "system" write permission on the Originate action. A remote AMI user who can authenticate but whose account lacks the system write class could execute arbitrary operating-system commands on the Asterisk host, in the context of the Asterisk process, by sending a specially crafted Originate request. AMI accounts with only call/originate rights are commonly handed to click-to-dial and CRM integrations, so this turns a low-privilege integration credential into command execution.
Recommendations

Upgrade to an Asterisk or Certified Asterisk release that contains the fix, or to a patched distribution package (see the Debian and ALT Linux identifiers under Related Identifiers). Where the upgrade must wait: restrict the AMI listener so that only the hosts that need it can reach it (bindaddr in the [general] section of manager.conf, plus per-user permit/deny lines); review manager.conf and remove the originate and all write classes from every AMI user that does not need to place calls, treating the originate class as equivalent to system until the fixed build is deployed; and rotate AMI secrets that may have been exposed, since exploitation requires valid credentials.
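The following is an added example, not code from the Asterisk project or from this advisory. It shows the kind of policy check an AMI proxy or a log analyser could apply while the Originate-class users are being tightened: it reads the write classes from a manager.conf-style file, parses AMI frames, and refuses Originate requests that name a shell-capable application or embed the SHELL()/EVAL() dialplan functions unless the user holds the system class. The user names, secrets, frames, and the list of "system-capable" applications are this example's own assumptions; the list is not claimed to be Asterisk's exact internal check.

```python
"""Added example (not Asterisk project code): screen AMI Originate requests
against the write classes granted in manager.conf."""
import configparser
import re

# Dialplan applications assumed able to run OS commands or external programs.
# This set is an assumption of the example; Asterisk's own list may differ.
SYSTEM_CAPABLE_APPS = {
    "system", "trysystem", "exec", "tryexec", "execif",
    "agi", "eagi", "deadagi", "externalivr", "mixmonitor",
}

# Dialplan functions that hand text to a shell or re-evaluate it; looked for
# in the Data and Variable headers (assumption of the example).
DANGEROUS_FUNCS = re.compile(r"\b(SHELL|EVAL)\s*\(", re.IGNORECASE)

# Constructed manager.conf: 'clicker' may originate calls but has no 'system'
# class; 'ops' holds every class. Secrets are placeholders.
MANAGER_CONF = """
[general]
enabled = yes
bindaddr = 127.0.0.1

[clicker]
secret = placeholder-only
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
read = call
write = call,originate

[ops]
secret = placeholder-only
deny = 0.0.0.0/0.0.0.0
permit = 10.0.0.0/255.0.0.0
read = all
write = all
"""


def load_write_privileges(conf_text):
    """Map each AMI user section to the set of write classes it was granted."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    privs = {}
    for section in cp.sections():
        if section == "general":
            continue
        raw = cp.get(section, "write", fallback="")
        privs[section] = {p.strip().lower() for p in raw.split(",") if p.strip()}
    return privs


def parse_ami_frame(text):
    """Parse one AMI frame ('Key: Value' lines, CRLF, ended by a blank line)
    into {lowercase key: [values]}; repeated keys such as Variable are kept."""
    fields = {}
    for raw in text.replace("\r\n", "\n").split("\n"):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def check_originate(username, fields, privs):
    """Decide whether an Originate frame from `username` may be forwarded.
    Returns (allowed, reason)."""
    write = privs.get(username, set())
    if fields.get("action", [""])[0].lower() != "originate":
        return True, "not an Originate action"
    if not ({"all", "originate"} & write):
        return False, "user '%s' lacks the 'originate' write class" % username
    if {"all", "system"} & write:
        return True, "user holds the 'system' write class"
    app = fields.get("application", [""])[0].strip().lower()
    if app in SYSTEM_CAPABLE_APPS:
        return False, "Application '%s' needs the 'system' write class" % app
    for header in ("data", "variable"):
        for value in fields.get(header, []):
            if DANGEROUS_FUNCS.search(value):
                return False, "%s header reaches a shell: %s" % (header, value)
    return True, "originate without a system-capable application"


PRIVS = load_write_privileges(MANAGER_CONF)

# Constructed frames for the demonstration.
PLAIN_CALL = ("Action: Originate\r\nChannel: SIP/100\r\nExten: 200\r\n"
              "Context: internal\r\nPriority: 1\r\n\r\n")
SYSTEM_APP = ("Action: Originate\r\nChannel: SIP/100\r\n"
              "Application: System\r\nData: id > /tmp/out\r\n\r\n")
SHELL_VAR = ("Action: Originate\r\nChannel: Local/s@internal\r\n"
             "Application: Echo\r\nVariable: X=${SHELL(id)}\r\n\r\n")

if __name__ == "__main__":
    for user in ("clicker", "ops"):
        for name, frame in (("plain", PLAIN_CALL), ("system-app", SYSTEM_APP),
                            ("shell-var", SHELL_VAR)):
            print(user, name, check_originate(user, parse_ami_frame(frame), PRIVS))
```

This screening works only on what the request itself says. The third constructed frame dials a Local channel, and whatever dialplan that channel reaches (which may itself call System) is invisible to a per-request filter, which is why the check above treats any originate-class user as untrusted for shell-capable features and why the filter is a stopgap for the upgrade, not a replacement for it.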

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

ALT-PU-2020-2313
CVE-2019-18610
DLA-2017-1
DLA-2969-1

Affected Products

Alt Linux
Asterisk