Remote Command Execution Vulnerability in Asterisk Open Source and Business Edition
CVE-2012-2414

Currently unrated

Key Information:

Vendor: Asterisk
Status: Open Source
Vendor: CVE Published:; 30 April 2012

What is CVE-2012-2414?

The Manager Interface in Asterisk contains a vulnerability related to system class authorization enforcement. This flaw enables remote authenticated users to execute arbitrary commands using specific actions, such as the originate action in the MixMonitor application or via SHELL and EVAL functions in both the GetVar and Status manager actions. Affected versions include multiple releases of Asterisk Open Source and Asterisk Business Edition prior to designated patches.

References

http://www.debian.org/security/2012/dsa-2460

vendor-advisoryx_refsource_DEBIAN

http://osvdb.org/81454

vdb-entryx_refsource_OSVDB

http://www.securitytracker.com/id?1026961

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Apr 30, 2012
Vulnerability Reserved
Apr 23, 2012