CVE-2014-4046
UnknownEPSS 5.68%
Last modified
CVE-2014-4046 is a vulnerability of currently unknown severity. Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.. EPSS estimates a 5.68% chance of exploitation in the next 30 days.
Description
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Digium | Asterisk | 11.0.0 | — |
| Digium | Asterisk | 11.0.1 | — |
| Digium | Asterisk | 11.0.2 | — |
| Digium | Asterisk | 11.1.0 | — |
| Digium | Asterisk | 11.1.1 | — |
| Digium | Asterisk | 11.1.2 | — |
| Digium | Asterisk | 11.2.0 | Rc1 |
| Digium | Asterisk | 11.3.0 | Rc1 |
| Digium | Asterisk | 11.4.0 | — |
| Digium | Asterisk | 11.5.0 | — |
| Digium | Asterisk | 11.5.1 | — |
| Digium | Asterisk | 11.8.0 | — |
| Digium | Asterisk | 11.8.1 | — |
| Digium | Asterisk | 11.9.0 | — |
| Digium | Asterisk | 11.10.0 | — |
| Digium | Asterisk | 12.0.0 | — |
| Digium | Asterisk | 12.1.0 | — |
| Digium | Asterisk | 12.1.1 | — |
| Digium | Asterisk | 12.2.0 | — |
| Digium | Asterisk | 12.3.0 | — |
| Digium | Certified Asterisk | 11.6 | Cert1 |
| Digium | Certified Asterisk | 11.6.0 | — |
References
- http://downloads.asterisk.org/pub/security/AST-2014-006.htmlPatch, Vendor Advisory
- http://downloads.asterisk.org/pub/security/AST-2014-006.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-4046?
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
How severe is CVE-2014-4046?
Severity scoring for CVE-2014-4046 is pending analysis. The EPSS model estimates a 5.68% probability of exploitation in the next 30 days.
How do I fix CVE-2014-4046?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2014-4046?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST