Vulnerability Details CVE-2014-4046
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.5%
CVSS Severity
CVSS v2 Score 6.5
References
- http://downloads.asterisk.org/pub/security/AST-2014-006.html
- http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html
- http://www.securityfocus.com/archive/1/532419/100/0/threaded
- http://downloads.asterisk.org/pub/security/AST-2014-006.html
- http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html
- http://www.securityfocus.com/archive/1/532419/100/0/threaded
Products affected by CVE-2014-4046
-
cpe:2.3:a:digium:asterisk:11.0.0
-
cpe:2.3:a:digium:asterisk:11.0.1
-
cpe:2.3:a:digium:asterisk:11.0.2
-
cpe:2.3:a:digium:asterisk:11.1.0
-
cpe:2.3:a:digium:asterisk:11.1.1
-
cpe:2.3:a:digium:asterisk:11.1.2
-
cpe:2.3:a:digium:asterisk:11.10.0
-
cpe:2.3:a:digium:asterisk:11.2.0
-
cpe:2.3:a:digium:asterisk:11.3.0
-
cpe:2.3:a:digium:asterisk:11.4.0
-
cpe:2.3:a:digium:asterisk:11.5.0
-
cpe:2.3:a:digium:asterisk:11.5.1
-
cpe:2.3:a:digium:asterisk:11.8.0
-
cpe:2.3:a:digium:asterisk:11.8.1
-
cpe:2.3:a:digium:asterisk:11.9.0
-
cpe:2.3:a:digium:asterisk:12.0.0
-
cpe:2.3:a:digium:asterisk:12.1.0
-
cpe:2.3:a:digium:asterisk:12.1.1
-
cpe:2.3:a:digium:asterisk:12.2.0
-
cpe:2.3:a:digium:asterisk:12.3.0
-
cpe:2.3:a:digium:certified_asterisk:11.6
-
cpe:2.3:a:digium:certified_asterisk:11.6.0