PT-2014-5694 · Digium · Asterisk

Published

2014-06-17

Updated

2018-10-09

CVE-2014-4046

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 11.x through 11.10.0 Asterisk Open Source versions 12.x through 12.3.0 Certified Asterisk versions 11.6 through 11.6-cert2

Description The issue allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

Recommendations For Asterisk Open Source versions 11.x through 11.10.0, update to version 11.10.1 or later. For Asterisk Open Source versions 12.x through 12.3.0, update to version 12.3.1 or later. For Certified Asterisk versions 11.6 through 11.6-cert2, update to version 11.6-cert3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2014-4046

DLA-455-1

MGASA-2014-0300

Affected Products

Asterisk

PT-2014-5694 · Digium · Asterisk

CVE-2014-4046

Related Identifiers

Affected Products

References · 14