Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:L/Au:S/C:C/I:C/A:C
Vendors | Products |
---|---|
Asterisk |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2012-08-31T14:00:00
Updated: 2012-10-31T09:00:00
Reserved: 2012-04-04T00:00:00
Link: CVE-2012-2186
JSON object: View
NVD Information
Status : Modified
Published: 2012-08-31T14:55:00.950
Modified: 2013-04-19T03:21:20.003
Link: CVE-2012-2186
JSON object: View
Redhat Information
No data.
CWE