Arbitrary Shell Command Execution via MixMonitor Action in Asterisk Open Source and Certified Asterisk

CVE-2014-4046 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

Learn more about our Open Source Audit.