// For flags

CVE-2019-18610

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

Se detectó un problema en el archivo manager.c en Sangoma Asterisk versiones hasta 13.x, 16.x, 17.x y Certified Asterisk versiones 13.21 hasta 13.21-cert4. Un usuario de Asterisk Manager Interface (AMI) autenticado remoto sin autorización del sistema podría usar una petición Originate AMI especialmente diseñada para ejecutar comandos arbitrarios del sistema.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-10-29 CVE Reserved
  • 2019-11-21 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-11-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
>= 13.0.0 < 13.29.2
Search vendor "Digium" for product "Asterisk" and version " >= 13.0.0 < 13.29.2"
-
Affected
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
>= 16.0.0 < 16.6.2
Search vendor "Digium" for product "Asterisk" and version " >= 16.0.0 < 16.6.2"
-
Affected
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
>= 17.0.0 < 17.0.1
Search vendor "Digium" for product "Asterisk" and version " >= 17.0.0 < 17.0.1"
-
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
13.21.0
Search vendor "Digium" for product "Certified Asterisk" and version "13.21.0"
-
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
13.21.0
Search vendor "Digium" for product "Certified Asterisk" and version "13.21.0"
cert1
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
13.21.0
Search vendor "Digium" for product "Certified Asterisk" and version "13.21.0"
cert2
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
13.21.0
Search vendor "Digium" for product "Certified Asterisk" and version "13.21.0"
cert3
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
13.21.0
Search vendor "Digium" for product "Certified Asterisk" and version "13.21.0"
cert4
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
13.21.0
Search vendor "Digium" for product "Certified Asterisk" and version "13.21.0"
rc1
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected