ConfBridge in Asterisk 11.x prior to 11.14.1, 12.x prior to 12.7.1, and 13.x prior to 13.0.1 and Certified Asterisk 11.6 prior to 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
digium asterisk |
||
digium certified asterisk 11.6.0 |
||
digium certified asterisk 11.6 |
Vulmon