Tilghman Lesher

**Name of the Vulnerable Software and Affected Versions** Asterisk versions 1.4.x through 1.4.14 Asterisk versions 1.2.x through 1.2.24 Asterisk versions B.x through B.2.3.3 Asterisk versions C.x through C.1.0-beta5 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands via the ANI and DNIS arguments in the Call Detail Record Postgres logging engine. **Recommendations** For Asterisk versions 1.4.x through 1.4.14, update to version 1.4.15 or later. For Asterisk versions 1.2.x through 1.2.24, update to version 1.2.25 or later. For Asterisk versions B.x through B.2.3.3, update to version B.2.3.4 or later. For Asterisk versions C.x through C.1.0-beta5, update to version C.1.0-beta6 or later.