Asterisk Multiple Vulnerabilities (AST-2011-005/AST-2011-006)

Medium Nessus Network Monitor Plugin ID 5897


The remote VoIP server is vulnerable to multiple attack vectors.


The version of Asterisk running on the remote host is potentially affected by multiple issues:

- On systems that have the Asterisk Manager interface, Skinny, SIP over TCP, or the built-in HTTP server enabled, an attacker can open as many connections to Asterisk as they wish, which causes Asterisk to run out of available file descriptors and stop processing any new calls. (AST-2011-005)

- It is possible for users to bypass a security check and execute shell commands when they should not have that ability. Note that only users with the 'system' privilege should be able to do this. (AST-2011-006)


Upgrade to Asterisk,,,, Business Edition C.3.6.4, or later.

Plugin Details

Severity: Medium

ID: 5897

Family: Generic

Published: 2011/04/25

Modified: 2017/01/31

Dependencies: 3768

Nessus ID: 53544

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 6.3

Temporal Score: 5.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2011/04/21

Vulnerability Publication Date: 2011/04/21

Reference Information

CVE: CVE-2011-1507, CVE-2011-1599

BID: 47537