Eliel Sardañons

**Name of the Vulnerable Software and Affected Versions** Sangoma Asterisk versions 13.x through 17.x Certified Asterisk versions 13.21 through 13.21-cert4 **Description** An issue was discovered in the manager.c file, allowing a remote authenticated Asterisk Manager Interface (AMI) user without system authorization to execute arbitrary system commands using a specially crafted Originate AMI request. **Recommendations** For Sangoma Asterisk versions 13.x through 17.x, consider disabling the Originate AMI request functionality until a patch is available. For Certified Asterisk versions 13.21 through 13.21-cert4, restrict access to the AMI interface to minimize the risk of exploitation. As a temporary workaround, consider limiting the privileges of authenticated AMI users to prevent the execution of arbitrary system commands.