Zubair Ashraf

**Name of the Vulnerable Software and Affected Versions** PowerShell (affected versions not specified) **Description** The issue is related to an elevation-of-privilege vulnerability in the PowerShell interpreter, associated with insufficient access restrictions. Exploitation of this issue may allow a remote attacker to execute arbitrary code, affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.3.20 **Description** The issue is related to the CookieInterceptor in Apache Struts, where an incomplete fix for a previous issue leads to improper access restriction to the getClass method when a wildcard cookiesName value is used. This allows remote attackers to manipulate the ClassLoader and modify session state via a crafted request. The vulnerability can be exploited by sending a specially crafted request, potentially allowing attackers to read, modify, or delete data. **Recommendations** For versions prior to 2.3.20, update to version 2.3.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the getClass method of the CookieInterceptor class until a patch is available. Avoid using wildcard values for the cookiesName parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.15.0 Asterisk Open Source versions 10.x through 10.7.0 Certified Asterisk version 1.8.11 through 1.8.11-cert5 Asterisk Digiumphones versions 10.x.x-digiumphones through 10.7.0-digiumphones Asterisk Business Edition versions C.3.x through C.3.7.5 **Description** The issue allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action, such as "/api/originate" or similar API endpoints, by manipulating the `ExternalIVR` variable. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.15.0, update to version 1.8.15.1 or later. For Asterisk Open Source versions 10.x through 10.7.0, update to version 10.7.1 or later. For Certified Asterisk version 1.8.11 through 1.8.11-cert5, update to version 1.8.11-cert6 or later. For Asterisk Digiumphones versions 10.x.x-digiumphones through 10.7.0-digiumphones, update to version 10.7.1-digiumphones or later. For Asterisk Business Edition versions C.3.x through C.3.7.5, update to version C.3.7.6 or later.