cbcvebase.
CVE-2014-4046
published 2014-06-17

CVE-2014-4046: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to…

PriorityP342medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
5.68%
92.0th percentile
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

Affected

24 ranges
VendorProductVersion rangeFixed in
debianasterisk< asterisk 1:11.10.2~dfsg-1 (bullseye)asterisk 1:11.10.2~dfsg-1 (bullseye)
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk>= 0 < 1:11.10.2~dfsg-11:11.10.2~dfsg-1
digiumcertified_asterisk
digiumcertified_asterisk

CVSS provenance

nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
osv6.5MEDIUM
vendor_debian6.5LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.