The DB dialplan function in Asterisk Open Source 1.8.x prior to 1.8.32, 11.x prior to 11.1.4.1, 12.x prior to 12.7.1, and 13.x prior to 13.0.1 and Certified Asterisk 1.8 prior to 1.8.28-cert8 and 11.6 prior to 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digium certified asterisk 1.8.28 |
||
digium certified asterisk 11.6.0 |
||
digium certified asterisk 11.6 |
||
digium asterisk |