Asterisk Manager User Unauthorized Shell Access (AST-2012-004)
High Nessus Plugin ID 58904
Synopsis: A telephony application running on the remote host is affected by a privilege escalation vulnerability.
Description: According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow an authenticated, remote attacker to run arbitrary commands with the credentials of the Asterisk server.
Solution: Upgrade to Asterisk 126.96.36.199 / 188.8.131.52 / 10.3.1 / C.3.7.4 or apply the patches listed in the Asterisk advisory.