Lucene search
HistoryJun 17, 2014 - 2:55 p.m.
CVE-2014-4046
asterisk
open source
cve-2014-4046
remote execution
shell command
mixmonitor action
security vulnerability
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.3%
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
Affected configurations
Node
digiumasteriskMatch11.0.0
ORdigiumasteriskMatch11.0.0beta1
ORdigiumasteriskMatch11.0.0beta2
ORdigiumasteriskMatch11.0.0rc1
ORdigiumasteriskMatch11.0.0rc2
ORdigiumasteriskMatch11.0.1
ORdigiumasteriskMatch11.0.2
ORdigiumasteriskMatch11.1.0
ORdigiumasteriskMatch11.1.0rc1
ORdigiumasteriskMatch11.1.0rc3
ORdigiumasteriskMatch11.1.1
ORdigiumasteriskMatch11.1.2
ORdigiumasteriskMatch11.2.0rc1
ORdigiumasteriskMatch11.2.0rc2
ORdigiumasteriskMatch11.3.0rc1
ORdigiumasteriskMatch11.3.0rc2
ORdigiumasteriskMatch11.4.0
ORdigiumasteriskMatch11.4.0rc1
ORdigiumasteriskMatch11.4.0rc2
ORdigiumasteriskMatch11.4.0rc3
ORdigiumasteriskMatch11.5.0
ORdigiumasteriskMatch11.5.0rc1
ORdigiumasteriskMatch11.5.0rc2
ORdigiumasteriskMatch11.5.1
ORdigiumasteriskMatch11.8.0-
ORdigiumasteriskMatch11.8.0rc1
ORdigiumasteriskMatch11.8.0rc2
ORdigiumasteriskMatch11.8.0rc3
ORdigiumasteriskMatch11.8.1
ORdigiumasteriskMatch11.9.0
ORdigiumasteriskMatch11.9.0rc1
ORdigiumasteriskMatch11.9.0rc2
ORdigiumasteriskMatch11.10.0
ORdigiumasteriskMatch11.10.0rc1
Node
digiumasteriskMatch12.0.0
ORdigiumasteriskMatch12.1.0-
ORdigiumasteriskMatch12.1.0rc1
ORdigiumasteriskMatch12.1.0rc2
ORdigiumasteriskMatch12.1.0rc3
ORdigiumasteriskMatch12.1.1
ORdigiumasteriskMatch12.2.0
ORdigiumasteriskMatch12.2.0rc1
ORdigiumasteriskMatch12.2.0rc2
ORdigiumasteriskMatch12.2.0rc3
ORdigiumasteriskMatch12.3.0
ORdigiumasteriskMatch12.3.0rc1
ORdigiumasteriskMatch12.3.0rc2
Node
digiumcertified_asteriskMatch11.6cert1
ORdigiumcertified_asteriskMatch11.6cert1_rc1
ORdigiumcertified_asteriskMatch11.6cert1_rc2
ORdigiumcertified_asteriskMatch11.6cert2
ORdigiumcertified_asteriskMatch11.6.0-
ORdigiumcertified_asteriskMatch11.6.0rc1
ORdigiumcertified_asteriskMatch11.6.0rc2
Related
securityvulns
securityvulns
AST-2014-006: Asterisk Manager User Unauthorized Shell Access
2014-06-13 00:00:00
Asterisk multiple security vulnerabilities
2014-06-13 00:00:00
nessus
nessus
Asterisk Manager Interface MixMonitor Privilege Escalation (AST-2014-006)
2014-06-17 00:00:00
FreeBSD : asterisk -- multiple vulnerabilities (f109b02f-f5a4-11e3-82e9-00a098b18457)
2014-06-18 00:00:00
GLSA-201406-25 : Asterisk: Multiple vulnerabilities
2014-06-26 00:00:00
ubuntucve
ubuntucve
CVE-2014-4046
2014-06-17 00:00:00
debiancve
debiancve
CVE-2014-4046
2014-06-17 14:55:07
cvelist
cvelist
CVE-2014-4046
2014-06-17 14:00:00
prion
prion
Deserialization of untrusted data
2014-06-17 14:55:00
nvd
nvd
CVE-2014-4046
2014-06-17 14:55:07
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0300)
2022-01-28 00:00:00
Gentoo Security Advisory GLSA 201406-25
2015-09-29 00:00:00
Debian: Security Advisory (DLA-455-1)
2023-03-08 00:00:00
mageia
mageia
Updated asterisk packages fix security vulnerabilities
2014-07-26 16:52:06
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2014-06-25 00:00:00
freebsd
freebsd
asterisk -- multiple vulnerabilities
2014-06-12 00:00:00
osv
osv
asterisk - security update
2016-05-03 00:00:00
debian
debian
[SECURITY] [DLA 455-1] asterisk security update
2016-05-03 20:31:18
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.3%
Related for CVE-2014-4046