Digium.Asterisk.Manager.User.Shell.Command.Execution
Description
This indicates an attack attempt to exploit a remote Command Execution vulnerability in Digium Asterisk.
The vulnerability is due to insufficient validation of user-supplied input in the application when handling shell commands. As a result, a remote attacker can exploit this to execute arbitrary script code within the context of the application.
Affected Products
Digium Asterisk Business Edition C.3.x prior to version C.3.7.4
Digium Asterisk Open Source 1.6.x prior to version 1.6.2.24
Digium Asterisk Open Source 1.8.x prior to version 1.8.11.1
Digium Asterisk Open Source 10.x prior to version 10.3.1
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the server.
Recommended Actions
Apply the patch available from the website:
http://downloads.asterisk.org/pub/security/AST-2012-004.html
Coverage
IPS (Regular DB)
IPS (Extended DB)