Incomplete Blacklist Vulnerability in Asterisk Open Source by Digium
CVE-2012-2186
Currently unrated
What is CVE-2012-2186?
An incomplete blacklist vulnerability in Asterisk allows authenticated remote users who hold originate privileges to execute arbitrary commands by supplying an ExternalIVR value in an AMI Originate action. The flaw affects various versions of Asterisk, including the Open Source, Certified, and Business Editions, and poses a significant risk to users relying on these platforms.
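The incomplete-blacklist pattern described above, as an added example (not code from Asterisk or from this page): a filter in front of AMI checks the Application of an Originate action against a denylist and against an allowlist. The application sets, sample messages and function names are assumptions made for illustration.

```python
# Added example. Both application sets are hypothetical, not Asterisk's own lists.
DENYLIST = {"system", "trysystem"}                    # incomplete: no "externalivr"
ALLOWLIST = {"playback", "dial", "confbridge"}        # assumed site policy
SINGLE_VALUED = {"action", "application"}             # duplicates here are ambiguous

# Constructed AMI messages; Channel and Data values are placeholders.
SAMPLE_EXTERNALIVR = ("Action: Originate\r\nChannel: Local/100@default\r\n"
                      "Application: ExternalIVR\r\nData: PLACEHOLDER\r\n\r\n")
SAMPLE_PLAYBACK = ("Action: Originate\r\nChannel: Local/100@default\r\n"
                   "Application: Playback\r\nData: hello-world\r\n\r\n")


def parse_ami_action(raw):
    """Parse one AMI message ("Key: Value" lines) into a dict with lowercased keys."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed AMI line: {line!r}")
        key = key.strip().lower()
        if key in SINGLE_VALUED and key in headers:
            raise ValueError(f"duplicate {key!r} header")
        headers[key] = value.strip()
    return headers


def originate_application(headers):
    """Return the lowercased Application of an Originate action, else None."""
    if headers.get("action", "").lower() != "originate":
        return None
    return headers.get("application", "").lower() or None


def denylist_permits(headers):
    """Blacklist check: anything not explicitly listed passes."""
    app = originate_application(headers)
    return app is None or app not in DENYLIST


def allowlist_permits(headers):
    """Allowlist check: only explicitly approved applications pass."""
    app = originate_application(headers)
    return app is None or app in ALLOWLIST
```

The denylist lets the ExternalIVR request through because that name was never listed, while the allowlist rejects it without needing to know it exists.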