This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
A telephony application running on the remote host is affected by
According to the version in its SIP banner, the version of Asterisk
running on the remote host is potentially affected by the following
- A security bypass vulnerability exists in the VoIP
channel drivers, DUNDi, and Asterisk Manager Interface
(AMI) components which may allow a remote attacker to
send specially crafted packets that bypass all ACL rules
other than the first ACL entry. (CVE-2014-8412)
- A privilege escalation vulnerability exists in the
ConfBridge 'dialplan' DB function when executed from an
external protocol, which could allow a remote,
authenticated attacker to escalate privileges.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Upgrade to Asterisk 184.108.40.206 / 11.14.1 / 12.7.1 / 13.0.1 /
1.8.28-cert3 / 11.6-cert8 or apply the appropriate patch listed in the
Risk factor :
Medium / CVSS Base Score : 6.0
CVSS Temporal Score : 5.2
Public Exploit Available : false