CVE-2011-1599
Asterisk < 1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3, C.3.6.4 - Remote Command Execution via Manager Interface
Title source: llmDescription
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
References (12)
Core 12
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1188
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2225
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/22/6
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47537
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1086
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1025433
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1107
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44529
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
Vendor Advisory x_refsource_confirm
http://downloads.digium.com/pub/security/AST-2011-006.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44197
Scores
EPSS
0.0313
EPSS Percentile
86.3%
Details
CWE
CWE-20
Status
published
Products (29)
digium/asterisk
1.4.0 (5 CPE variants)
digium/asterisk
1.4.1
digium/asterisk
1.4.2
digium/asterisk
1.4.3
digium/asterisk
1.4.10
digium/asterisk
1.4.10.1
digium/asterisk
1.4.11
digium/asterisk
1.4.12
digium/asterisk
1.4.12.1
digium/asterisk
1.4.13
... and 19 more
Published
Apr 27, 2011
Tracked Since
Feb 18, 2026