CVE-2014-4046 — Asterisk vulnerability

6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

1.4%

top 19.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk Digium Certified Asterisk

Timeline

PublishedJun 17

Latest updateMay 14

Description

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages4 packages

▶NVDdigium/certified_asterisk11.6, 11.6.0+1

▶debiandebian/asterisk< asterisk 1:11.10.2~dfsg-1 (bullseye)

▶Debiandigium/asterisk< 1:11.10.2~dfsg-1

▶NVDdigium/asterisk20 versions+19

Patches

Patch: downloads.asterisk.org ↗Patch: downloads.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-w674-3mq5-fw7c: Asterisk Open Source 11↗2022-05-14

▶

OSV

CVE-2014-4046: Asterisk Open Source 11↗2014-06-17

▶

📋Vendor Advisories

Debian

CVE-2014-4046: asterisk - Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified As...↗2014

▶

💬Community

Bugzilla

CVE-2014-4046 asterisk: Manager User Unauthorized Shell Access (AST-2014-006) [fedora-all]↗2014-06-13

▶

Bugzilla

CVE-2014-4046 asterisk: Manager User Unauthorized Shell Access (AST-2014-006)↗2014-06-13

▶