Digium.Asterisk.Manager.User.Shell.Command.Execution

Description

This indicates an attempt to exploit a remote command execution vulnerability in Digium Asterisk.
The vulnerability is due to insufficient validation of user-supplied input when the application handles shell commands. As a result, a remote attacker can exploit this to execute arbitrary script code within the context of the application.

Affected Products

Digium Asterisk Business Edition C.3.x prior to version C.3.7.4
Digium Asterisk Open Source 1.6.x prior to version 1.6.2.24
Digium Asterisk Open Source 1.8.x prior to version 1.8.11.1
Digium Asterisk Open Source 10.x prior to version 10.3.1
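
The following added example (not part of the original advisory) checks an installed version string against the fixed releases listed above, using numeric rather than string comparison. The function names and the sample inventory are assumptions made for illustration.

```python
import re

# First fixed release per branch, copied from the Affected Products list.
FIXED = {
    ("business", (3,)): (3, 7, 4),      # Business Edition C.3.x
    ("open", (1, 6)): (1, 6, 2, 24),    # Open Source 1.6.x
    ("open", (1, 8)): (1, 8, 11, 1),    # Open Source 1.8.x
    ("open", (10,)): (10, 3, 1),        # Open Source 10.x
}

_VERSION = re.compile(r"\s*(?:Asterisk\s+)?(C\.)?(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_version(text):
    """Split a version string into (edition, numeric tuple).

    Assumption: anything after the dotted number (-rc1, ~dfsg, build info)
    is ignored, so a release candidate is treated like the final release.
    """
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised Asterisk version: {text!r}")
    edition = "business" if m.group(1) else "open"
    return edition, tuple(int(part) for part in m.group(2).split("."))


def status(text):
    """Return 'affected', 'fixed', or 'not listed' for a version string."""
    edition, version = parse_version(text)
    for (listed_edition, branch), fixed in FIXED.items():
        if edition == listed_edition and version[:len(branch)] == branch:
            # Tuple comparison is numeric per component: 1.8.9 < 1.8.11.
            return "affected" if version < fixed else "fixed"
    return "not listed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for v in ["Asterisk 1.8.9.3", "1.8.11.1", "10.3", "C.3.6.2", "1.6.0.28", "11.0.0"]:
        print(f"{v:20} {status(v)}")
```

A result of "not listed" means only that the branch does not appear in the list above; it says nothing about whether that branch is vulnerable.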

Impact

System Compromise: Remote attackers can execute arbitrary script code in the context of the server.

Recommended Actions

Apply the patch available from the website:
http://downloads.asterisk.org/pub/security/AST-2012-004.html

Coverage

IPS (Regular DB)
IPS (Extended DB)