David Woolley

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.6.2.x through 1.6.2.23 Asterisk Open Source versions 1.8.x through 1.8.11.0 Asterisk Open Source versions 10.x through 10.3.0 Asterisk Business Edition C.3.x through C.3.7.3 **Description** The issue allows remote authenticated users to execute arbitrary commands. This can be achieved via the originate action in the MixMonitor application, or the SHELL and EVAL functions in the GetVar or Status manager actions. **Recommendations** For Asterisk Open Source versions 1.6.2.x through 1.6.2.23, update to version 1.6.2.24 or later. For Asterisk Open Source versions 1.8.x through 1.8.11.0, update to version 1.8.11.1 or later. For Asterisk Open Source versions 10.x through 10.3.0, update to version 10.3.1 or later. For Asterisk Business Edition C.3.x through C.3.7.3, update to version C.3.7.4 or later.