Lucene search
HistoryApr 27, 2011 - 12:55 a.m.
CVE-2011-1599
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
84.0%
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
Affected configurations
Node
digiumasteriskMatch1.4.0
ORdigiumasteriskMatch1.4.0beta1
ORdigiumasteriskMatch1.4.0beta2
ORdigiumasteriskMatch1.4.0beta3
ORdigiumasteriskMatch1.4.0beta4
ORdigiumasteriskMatch1.4.1
ORdigiumasteriskMatch1.4.2
ORdigiumasteriskMatch1.4.3
ORdigiumasteriskMatch1.4.10
ORdigiumasteriskMatch1.4.10.1
ORdigiumasteriskMatch1.4.11
ORdigiumasteriskMatch1.4.12
ORdigiumasteriskMatch1.4.12.1
ORdigiumasteriskMatch1.4.13
ORdigiumasteriskMatch1.4.14
ORdigiumasteriskMatch1.4.15
ORdigiumasteriskMatch1.4.16
ORdigiumasteriskMatch1.4.16.1
ORdigiumasteriskMatch1.4.16.2
ORdigiumasteriskMatch1.4.17
ORdigiumasteriskMatch1.4.18
ORdigiumasteriskMatch1.4.19
ORdigiumasteriskMatch1.4.19rc1
ORdigiumasteriskMatch1.4.19rc2
ORdigiumasteriskMatch1.4.19rc3
ORdigiumasteriskMatch1.4.19rc4
ORdigiumasteriskMatch1.4.19.1
ORdigiumasteriskMatch1.4.19.2
ORdigiumasteriskMatch1.4.20
ORdigiumasteriskMatch1.4.20rc1
ORdigiumasteriskMatch1.4.20rc2
ORdigiumasteriskMatch1.4.20rc3
ORdigiumasteriskMatch1.4.20.1
ORdigiumasteriskMatch1.4.21
ORdigiumasteriskMatch1.4.21rc1
ORdigiumasteriskMatch1.4.21rc2
ORdigiumasteriskMatch1.4.21.1
ORdigiumasteriskMatch1.4.21.2
ORdigiumasteriskMatch1.4.22
ORdigiumasteriskMatch1.4.22rc1
ORdigiumasteriskMatch1.4.22rc2
ORdigiumasteriskMatch1.4.22rc3
ORdigiumasteriskMatch1.4.22rc4
ORdigiumasteriskMatch1.4.22rc5
ORdigiumasteriskMatch1.4.22.1
ORdigiumasteriskMatch1.4.22.2
ORdigiumasteriskMatch1.4.23
ORdigiumasteriskMatch1.4.23rc1
ORdigiumasteriskMatch1.4.23rc2
ORdigiumasteriskMatch1.4.23rc3
ORdigiumasteriskMatch1.4.23rc4
ORdigiumasteriskMatch1.4.23.1
ORdigiumasteriskMatch1.4.23.2
ORdigiumasteriskMatch1.4.24
ORdigiumasteriskMatch1.4.24rc1
ORdigiumasteriskMatch1.4.24.1
ORdigiumasteriskMatch1.4.25
ORdigiumasteriskMatch1.4.25rc1
ORdigiumasteriskMatch1.4.25.1
ORdigiumasteriskMatch1.4.26
ORdigiumasteriskMatch1.4.26rc1
ORdigiumasteriskMatch1.4.26rc2
ORdigiumasteriskMatch1.4.26rc3
ORdigiumasteriskMatch1.4.26rc4
ORdigiumasteriskMatch1.4.26rc5
ORdigiumasteriskMatch1.4.26rc6
ORdigiumasteriskMatch1.4.26.1
ORdigiumasteriskMatch1.4.26.2
ORdigiumasteriskMatch1.4.26.3
ORdigiumasteriskMatch1.4.27
ORdigiumasteriskMatch1.4.27rc1
ORdigiumasteriskMatch1.4.27rc2
ORdigiumasteriskMatch1.4.27rc3
ORdigiumasteriskMatch1.4.27rc4
ORdigiumasteriskMatch1.4.27rc5
ORdigiumasteriskMatch1.4.27.1
ORdigiumasteriskMatch1.4.28
ORdigiumasteriskMatch1.4.28rc1
ORdigiumasteriskMatch1.4.29
ORdigiumasteriskMatch1.4.29rc1
ORdigiumasteriskMatch1.4.29.1
ORdigiumasteriskMatch1.4.30
ORdigiumasteriskMatch1.4.30rc2
ORdigiumasteriskMatch1.4.30rc3
ORdigiumasteriskMatch1.4.31
ORdigiumasteriskMatch1.4.31rc1
ORdigiumasteriskMatch1.4.31rc2
ORdigiumasteriskMatch1.4.32
ORdigiumasteriskMatch1.4.32rc1
ORdigiumasteriskMatch1.4.33
ORdigiumasteriskMatch1.4.33rc1
ORdigiumasteriskMatch1.4.33rc2
ORdigiumasteriskMatch1.4.33.1
ORdigiumasteriskMatch1.4.34
ORdigiumasteriskMatch1.4.34rc1
ORdigiumasteriskMatch1.4.34rc2
ORdigiumasteriskMatch1.4.35
ORdigiumasteriskMatch1.4.35rc1
ORdigiumasteriskMatch1.4.36
ORdigiumasteriskMatch1.4.36rc1
ORdigiumasteriskMatch1.4.37
ORdigiumasteriskMatch1.4.37rc1
ORdigiumasteriskMatch1.4.38
ORdigiumasteriskMatch1.4.38rc1
ORdigiumasteriskMatch1.4.39
ORdigiumasteriskMatch1.4.39rc1
ORdigiumasteriskMatch1.4.39.1
ORdigiumasteriskMatch1.4.39.2
ORdigiumasteriskMatch1.4.40
ORdigiumasteriskMatch1.4.40rc1
ORdigiumasteriskMatch1.4.40rc2
ORdigiumasteriskMatch1.4.40rc3
Node
digiumasteriskMatch1.6.2.0
ORdigiumasteriskMatch1.6.2.0rc2
ORdigiumasteriskMatch1.6.2.0rc3
ORdigiumasteriskMatch1.6.2.0rc4
ORdigiumasteriskMatch1.6.2.0rc5
ORdigiumasteriskMatch1.6.2.0rc6
ORdigiumasteriskMatch1.6.2.0rc7
ORdigiumasteriskMatch1.6.2.0rc8
ORdigiumasteriskMatch1.6.2.1
ORdigiumasteriskMatch1.6.2.1rc1
ORdigiumasteriskMatch1.6.2.2
ORdigiumasteriskMatch1.6.2.3rc2
ORdigiumasteriskMatch1.6.2.4
ORdigiumasteriskMatch1.6.2.5
ORdigiumasteriskMatch1.6.2.6
ORdigiumasteriskMatch1.6.2.6rc1
ORdigiumasteriskMatch1.6.2.6rc2
ORdigiumasteriskMatch1.6.2.15rc1
ORdigiumasteriskMatch1.6.2.16
ORdigiumasteriskMatch1.6.2.16rc1
ORdigiumasteriskMatch1.6.2.16.1
ORdigiumasteriskMatch1.6.2.16.2
ORdigiumasteriskMatch1.6.2.17
ORdigiumasteriskMatch1.6.2.17rc1
ORdigiumasteriskMatch1.6.2.17rc2
ORdigiumasteriskMatch1.6.2.17rc3
ORdigiumasteriskMatch1.6.2.17.1
ORdigiumasteriskMatch1.6.2.17.2
Node
digiumasteriskMatch1.8.0
ORdigiumasteriskMatch1.8.0beta1
ORdigiumasteriskMatch1.8.0beta2
ORdigiumasteriskMatch1.8.0beta3
ORdigiumasteriskMatch1.8.0beta4
ORdigiumasteriskMatch1.8.0beta5
ORdigiumasteriskMatch1.8.0rc2
ORdigiumasteriskMatch1.8.0rc3
ORdigiumasteriskMatch1.8.0rc4
ORdigiumasteriskMatch1.8.0rc5
ORdigiumasteriskMatch1.8.1
ORdigiumasteriskMatch1.8.1rc1
ORdigiumasteriskMatch1.8.1.1
ORdigiumasteriskMatch1.8.1.2
ORdigiumasteriskMatch1.8.2
ORdigiumasteriskMatch1.8.2.1
ORdigiumasteriskMatch1.8.2.2
ORdigiumasteriskMatch1.8.2.3
ORdigiumasteriskMatch1.8.2.4
ORdigiumasteriskMatch1.8.3
ORdigiumasteriskMatch1.8.3rc1
ORdigiumasteriskMatch1.8.3rc2
ORdigiumasteriskMatch1.8.3rc3
ORdigiumasteriskMatch1.8.3.1
ORdigiumasteriskMatch1.8.3.2
Node
digiumasteriskMatchc.1.0beta7business
ORdigiumasteriskMatchc.1.0beta8business
ORdigiumasteriskMatchc.1.6-business
ORdigiumasteriskMatchc.1.6.1-business
ORdigiumasteriskMatchc.1.6.2-business
ORdigiumasteriskMatchc.1.8.0-business
ORdigiumasteriskMatchc.1.8.1-business
ORdigiumasteriskMatchc.2.3-business
ORdigiumasteriskMatchc.3.0-business
ORdigiumasteriskMatchc.3.1.0-business
ORdigiumasteriskMatchc.3.1.1-business
ORdigiumasteriskMatchc.3.2.2-business
ORdigiumasteriskMatchc.3.2.3-business
ORdigiumasteriskMatchc.3.3.2-business
ORdigiumasteriskMatchc.3.6.2-business
ORdigiumasteriskMatchc.3.6.3-business
Node
digiumasteriskMatch1.6.1.0
ORdigiumasteriskMatch1.6.1.0rc2
ORdigiumasteriskMatch1.6.1.0rc3
ORdigiumasteriskMatch1.6.1.0rc4
ORdigiumasteriskMatch1.6.1.0rc5
ORdigiumasteriskMatch1.6.1.1
ORdigiumasteriskMatch1.6.1.2
ORdigiumasteriskMatch1.6.1.3rc1
ORdigiumasteriskMatch1.6.1.4
ORdigiumasteriskMatch1.6.1.5
ORdigiumasteriskMatch1.6.1.5rc1
ORdigiumasteriskMatch1.6.1.6
ORdigiumasteriskMatch1.6.1.7rc1
ORdigiumasteriskMatch1.6.1.7rc2
ORdigiumasteriskMatch1.6.1.8
ORdigiumasteriskMatch1.6.1.9
ORdigiumasteriskMatch1.6.1.10
ORdigiumasteriskMatch1.6.1.10rc1
ORdigiumasteriskMatch1.6.1.10rc2
ORdigiumasteriskMatch1.6.1.10rc3
ORdigiumasteriskMatch1.6.1.11
ORdigiumasteriskMatch1.6.1.12
ORdigiumasteriskMatch1.6.1.12rc1
ORdigiumasteriskMatch1.6.1.13
ORdigiumasteriskMatch1.6.1.13rc1
ORdigiumasteriskMatch1.6.1.14
ORdigiumasteriskMatch1.6.1.15rc2
ORdigiumasteriskMatch1.6.1.16
ORdigiumasteriskMatch1.6.1.17
ORdigiumasteriskMatch1.6.1.18
ORdigiumasteriskMatch1.6.1.18rc1
ORdigiumasteriskMatch1.6.1.18rc2
ORdigiumasteriskMatch1.6.1.19
ORdigiumasteriskMatch1.6.1.19rc1
ORdigiumasteriskMatch1.6.1.19rc2
ORdigiumasteriskMatch1.6.1.19rc3
ORdigiumasteriskMatch1.6.1.20
ORdigiumasteriskMatch1.6.1.20rc1
ORdigiumasteriskMatch1.6.1.20rc2
ORdigiumasteriskMatch1.6.1.21
ORdigiumasteriskMatch1.6.1.22
ORdigiumasteriskMatch1.6.1.23
ORdigiumasteriskMatch1.6.1.24
References
downloads.digium.com/pub/security/AST-2011-006.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
openwall.com/lists/oss-security/2011/04/22/6
secunia.com/advisories/44197
secunia.com/advisories/44529
securitytracker.com/id?1025433
www.debian.org/security/2011/dsa-2225
www.securityfocus.com/bid/47537
www.vupen.com/english/advisories/2011/1086
www.vupen.com/english/advisories/2011/1107
www.vupen.com/english/advisories/2011/1188
Related
cve
cve
CVE-2011-1599
2011-04-27 00:55:04
cvelist
cvelist
CVE-2011-1599
2011-04-27 00:00:00
debiancve
debiancve
CVE-2011-1599
2011-04-27 00:55:04
prion
prion
Design/Logic Flaw
2011-04-27 00:55:00
ubuntucve
ubuntucve
CVE-2011-1599
2011-04-27 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: asterisk-1.8.3.3-1.fc15
2011-04-26 16:06:08
[SECURITY] Fedora 14 Update: asterisk-1.6.2.18-1.fc14
2011-05-17 01:05:44
[SECURITY] Fedora 13 Update: asterisk-1.6.2.18-1.fc13
2011-05-07 13:27:17
nessus
nessus
Fedora 14 : asterisk-1.6.2.18-1.fc14 (2011-6225)
2011-05-17 00:00:00
Fedora 15 : asterisk-1.8.3.3-1.fc15 (2011-5835)
2011-04-27 00:00:00
Fedora 13 : asterisk-1.6.2.18-1.fc13 (2011-6208)
2011-05-09 00:00:00
openvas
openvas
Fedora Update for asterisk FEDORA-2011-6208
2011-05-10 00:00:00
Fedora Update for asterisk FEDORA-2011-6208
2011-05-10 00:00:00
Fedora Update for asterisk FEDORA-2011-6225
2011-05-17 00:00:00
debian
debian
[SECURITY] [DSA 2225-1] asterisk security update
2011-04-26 21:01:18
osv
osv
asterisk - several
2011-04-25 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2011-10-24 00:00:00
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
84.0%
Related for NVD:CVE-2011-1599