← Back

CVE-2019-18610

nvd nist
Published: Nov 22, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

Affected (11)

Digium
2 products
Asterisk
Certified Asterisk
Debian
1 product
Debian Linux
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
From 13.0.0 to 13.29.2
Asterisk
From 16.0.0 to 16.6.2
Asterisk
From 17.0.0 to 17.0.1
Digium
Certified Asterisk
Version 13.21.0
Certified Asterisk
Version 13.21.0 cert1
Certified Asterisk
Version 13.21.0 cert2
Certified Asterisk
Version 13.21.0 cert3
Certified Asterisk
Version 13.21.0 cert4
Certified Asterisk
Version 13.21.0 rc1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 8.0
Debian Linux
Version 9.0

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (8)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.