CVE-2011-1599

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.4.x through 1.4.40.1 Asterisk Open Source versions 1.6.1.x through 1.6.1.25 Asterisk Open Source versions 1.6.2.x through 1.6.2.17.3 Asterisk Open Source versions 1.8.x through 1.8.3.3 Asterisk Business Edition C.x.x through C.3.6.4

Description The issue arises from improper system privilege checking in the Manager Interface, allowing remote authenticated users to execute arbitrary commands. This can be achieved via an Originate action that includes an Async header in conjunction with an Application header.

Recommendations For Asterisk Open Source versions 1.4.x through 1.4.40.1, update to version 1.4.40.1 or later. For Asterisk Open Source versions 1.6.1.x through 1.6.1.25, update to version 1.6.1.25 or later. For Asterisk Open Source versions 1.6.2.x through 1.6.2.17.3, update to version 1.6.2.17.3 or later. For Asterisk Open Source versions 1.8.x through 1.8.3.3, update to version 1.8.3.3 or later. For Asterisk Business Edition C.x.x through C.3.6.4, update to version C.3.6.4 or later.