An issue exists in manager.c in Sangoma Asterisk up to and including 13.x, 16.x, 17.x and Certified Asterisk 13.21 up to and including 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digium certified asterisk 13.21.0 |
||
digium asterisk |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |