Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Digium Asterisk和Certified Asterisk ConfBridge 权限许可和访问控制漏洞
Vulnerability Description
Digium Asterisk和Certified Asterisk都是美国Digium公司的开源电话交换机(PBX)系统软件,它支持语音信箱、多方语音会议、交互式语音应答(IVR)等。ConfBridge是其中的一个用于实现会议应用的应用程序。 Digium Asterisk和Certified Asterisk的ConfBridge中存在安全漏洞。远程攻击者可借助CONFBRIDGE dialplan函数利用该漏洞获取权限,或通过执行特制的ConfbridgeStartRecord AMI操作利用该漏
CVSS Information
N/A
Vulnerability Type
N/A