CVE-2011-1599

Asterisk < 1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3, C.3.6.4 - Remote Command Execution via Manager Interface

Title source: llm
STIX 2.1

Description

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.

References (12)

Core 12
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1188
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2225
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/22/6
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47537
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1086
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025433
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1107
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44529
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44197

Scores

EPSS 0.0313
EPSS Percentile 86.3%

Details

CWE
CWE-20
Status published
Products (29)
digium/asterisk 1.4.0 (5 CPE variants)
digium/asterisk 1.4.1
digium/asterisk 1.4.2
digium/asterisk 1.4.3
digium/asterisk 1.4.10
digium/asterisk 1.4.10.1
digium/asterisk 1.4.11
digium/asterisk 1.4.12
digium/asterisk 1.4.12.1
digium/asterisk 1.4.13
... and 19 more
Published Apr 27, 2011
Tracked Since Feb 18, 2026