6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.2%
The Asterisk project reports:
Asterisk Manager User Unauthorized Shell Access. Manager users can
execute arbitrary shell commands with the MixMonitor manager action.
Asterisk does not require system class authorization for a manager
user to use the MixMonitor action, so any manager user who is
permitted to use manager commands can potentially execute shell
commands as the user executing the Asterisk process.
Exhaustion of Allowed Concurrent HTTP Connections. Establishing a
TCP or TLS connection to the configured HTTP or HTTPS port
respectively in http.conf and then not sending or completing a HTTP
request will tie up a HTTP session. By doing this repeatedly until the
maximum number of open HTTP sessions is reached, legitimate requests
are blocked.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | asterisk11 | < 11.10.1 | UNKNOWN |
FreeBSD | any | noarch | asterisk18 | < 1.8.28.1 | UNKNOWN |