Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Digium Asterisk Open Source和Certified Asterisk 安全漏洞
Vulnerability Description
Digium Asterisk Open Source和Certified Asterisk都是美国Digium公司的开源电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Asterisk Open Source和Certified Asterisk中存在安全漏洞。攻击者可借助caller-id名称和序号利用该漏洞注入任意的shell命令,并执行命令。以下产品和版本受到影响:Asterisk Open Source 11.25.2之前的11.x版本,13.17.
CVSS Information
N/A
Vulnerability Type
N/A