main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Open_source | Asterisk | 1.6.2.0 (including) | 1.6.2.0 (including) |
| Open_source | Asterisk | 1.6.2.0-rc2 (including) | 1.6.2.0-rc2 (including) |
| Open_source | Asterisk | 1.6.2.0-rc3 (including) | 1.6.2.0-rc3 (including) |
| Open_source | Asterisk | 1.6.2.0-rc4 (including) | 1.6.2.0-rc4 (including) |
| Open_source | Asterisk | 1.6.2.0-rc5 (including) | 1.6.2.0-rc5 (including) |
| Open_source | Asterisk | 1.6.2.0-rc6 (including) | 1.6.2.0-rc6 (including) |
| Open_source | Asterisk | 1.6.2.0-rc7 (including) | 1.6.2.0-rc7 (including) |
| Open_source | Asterisk | 1.6.2.0-rc8 (including) | 1.6.2.0-rc8 (including) |
| Open_source | Asterisk | 1.6.2.1 (including) | 1.6.2.1 (including) |
| Open_source | Asterisk | 1.6.2.1-rc1 (including) | 1.6.2.1-rc1 (including) |
| Open_source | Asterisk | 1.6.2.2 (including) | 1.6.2.2 (including) |
| Open_source | Asterisk | 1.6.2.3-rc2 (including) | 1.6.2.3-rc2 (including) |
| Open_source | Asterisk | 1.6.2.4 (including) | 1.6.2.4 (including) |
| Open_source | Asterisk | 1.6.2.5 (including) | 1.6.2.5 (including) |
| Open_source | Asterisk | 1.6.2.6 (including) | 1.6.2.6 (including) |
| Open_source | Asterisk | 1.6.2.6-rc1 (including) | 1.6.2.6-rc1 (including) |
| Open_source | Asterisk | 1.6.2.6-rc2 (including) | 1.6.2.6-rc2 (including) |
| Open_source | Asterisk | 1.6.2.7 (including) | 1.6.2.7 (including) |
| Open_source | Asterisk | 1.6.2.7-rc1 (including) | 1.6.2.7-rc1 (including) |
| Open_source | Asterisk | 1.6.2.7-rc2 (including) | 1.6.2.7-rc2 (including) |
| Open_source | Asterisk | 1.6.2.7-rc3 (including) | 1.6.2.7-rc3 (including) |
| Open_source | Asterisk | 1.6.2.8 (including) | 1.6.2.8 (including) |
| Open_source | Asterisk | 1.6.2.8-rc1 (including) | 1.6.2.8-rc1 (including) |
| Open_source | Asterisk | 1.6.2.9 (including) | 1.6.2.9 (including) |
| Open_source | Asterisk | 1.6.2.9-rc1 (including) | 1.6.2.9-rc1 (including) |
| Open_source | Asterisk | 1.6.2.9-rc2 (including) | 1.6.2.9-rc2 (including) |
| Open_source | Asterisk | 1.6.2.9-rc3 (including) | 1.6.2.9-rc3 (including) |
| Open_source | Asterisk | 1.6.2.10 (including) | 1.6.2.10 (including) |
| Open_source | Asterisk | 1.6.2.10-rc1 (including) | 1.6.2.10-rc1 (including) |
| Open_source | Asterisk | 1.6.2.10-rc2 (including) | 1.6.2.10-rc2 (including) |
| Open_source | Asterisk | 1.6.2.11 (including) | 1.6.2.11 (including) |
| Open_source | Asterisk | 1.6.2.11-rc1 (including) | 1.6.2.11-rc1 (including) |
| Open_source | Asterisk | 1.6.2.11-rc2 (including) | 1.6.2.11-rc2 (including) |
| Open_source | Asterisk | 1.6.2.12 (including) | 1.6.2.12 (including) |
| Open_source | Asterisk | 1.6.2.12-rc1 (including) | 1.6.2.12-rc1 (including) |
| Open_source | Asterisk | 1.6.2.13 (including) | 1.6.2.13 (including) |
| Open_source | Asterisk | 1.6.2.14 (including) | 1.6.2.14 (including) |
| Open_source | Asterisk | 1.6.2.14-rc1 (including) | 1.6.2.14-rc1 (including) |
| Open_source | Asterisk | 1.6.2.15 (including) | 1.6.2.15 (including) |
| Open_source | Asterisk | 1.6.2.15-rc1 (including) | 1.6.2.15-rc1 (including) |
| Open_source | Asterisk | 1.6.2.15.1 (including) | 1.6.2.15.1 (including) |
| Open_source | Asterisk | 1.6.2.16 (including) | 1.6.2.16 (including) |
| Open_source | Asterisk | 1.6.2.16-rc1 (including) | 1.6.2.16-rc1 (including) |
| Open_source | Asterisk | 1.6.2.16.1 (including) | 1.6.2.16.1 (including) |
| Open_source | Asterisk | 1.6.2.16.2 (including) | 1.6.2.16.2 (including) |
| Open_source | Asterisk | 1.6.2.17 (including) | 1.6.2.17 (including) |
| Open_source | Asterisk | 1.6.2.17-rc1 (including) | 1.6.2.17-rc1 (including) |
| Open_source | Asterisk | 1.6.2.17-rc2 (including) | 1.6.2.17-rc2 (including) |
| Open_source | Asterisk | 1.6.2.17-rc3 (including) | 1.6.2.17-rc3 (including) |
| Open_source | Asterisk | 1.6.2.17.1 (including) | 1.6.2.17.1 (including) |
| Open_source | Asterisk | 1.6.2.17.2 (including) | 1.6.2.17.2 (including) |
| Open_source | Asterisk | 1.6.2.17.3 (including) | 1.6.2.17.3 (including) |
| Open_source | Asterisk | 1.6.2.18 (including) | 1.6.2.18 (including) |
| Open_source | Asterisk | 1.6.2.18-rc1 (including) | 1.6.2.18-rc1 (including) |
| Open_source | Asterisk | 1.6.2.18.1 (including) | 1.6.2.18.1 (including) |
| Open_source | Asterisk | 1.6.2.18.2 (including) | 1.6.2.18.2 (including) |
| Open_source | Asterisk | 1.6.2.19 (including) | 1.6.2.19 (including) |
| Open_source | Asterisk | 1.6.2.19-rc1 (including) | 1.6.2.19-rc1 (including) |
| Open_source | Asterisk | 1.6.2.20 (including) | 1.6.2.20 (including) |
| Open_source | Asterisk | 1.6.2.21 (including) | 1.6.2.21 (including) |
| Open_source | Asterisk | 1.6.2.22 (including) | 1.6.2.22 (including) |
| Open_source | Asterisk | 1.6.2.23 (including) | 1.6.2.23 (including) |
| Asterisk | Ubuntu | lucid | * |
| Asterisk | Ubuntu | natty | * |
| Asterisk | Ubuntu | oneiric | * |
| Asterisk | Ubuntu | precise | * |
| Asterisk | Ubuntu | upstream | * |