Vulnerability Description
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digium | Asterisk | 1.4.0 |
Related Weaknesses (CWE)
References
- http://downloads.digium.com/pub/security/AST-2011-006.html (Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
- http://openwall.com/lists/oss-security/2011/04/22/6
- http://secunia.com/advisories/44197 (Vendor Advisory)
- http://secunia.com/advisories/44529
- http://securitytracker.com/id?1025433
- http://www.debian.org/security/2011/dsa-2225
- http://www.securityfocus.com/bid/47537
- http://www.vupen.com/english/advisories/2011/1086 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/1107
- http://www.vupen.com/english/advisories/2011/1188
FAQ
What is CVE-2011-1599?
CVE-2011-1599 is a vulnerability with a CVSS score of 9.0 (HIGH). manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x befor...
How severe is CVE-2011-1599?
CVE-2011-1599 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-1599?
Check the references section above for vendor advisories and patch information. Affected products include: Digium Asterisk.