CVE-2011-1599

2011-04-2700:00:00

ubuntu.com

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.9%

JSON

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before
1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x
before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not
properly check for the system privilege, which allows remote authenticated
users to execute arbitrary commands via an Originate action that has an
Async header in conjunction with an Application header.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchasterisk< 1:1.6.2.5-0ubuntu1.4UNKNOWN
ubuntu10.10noarchasterisk< 1:1.6.2.7-1ubuntu1.2UNKNOWN
ubuntu11.04noarchasterisk< 1:1.6.2.9-2ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	asterisk	< 1:1.6.2.5-0ubuntu1.4	UNKNOWN
ubuntu	10.10	noarch	asterisk	< 1:1.6.2.7-1ubuntu1.2	UNKNOWN
ubuntu	11.04	noarch	asterisk	< 1:1.6.2.9-2ubuntu2.1	UNKNOWN