vulnerability
FreeBSD: VID-49B61AB6-0D04-11EA-87CA-001999F8D30B (CVE-2019-18610): asterisk -- AMI user could execute system commands
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Oct 10, 2019 | Nov 22, 2019 | Jan 22, 2020 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 10, 2019
Added
Nov 22, 2019
Modified
Jan 22, 2020
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-49B61AB6-0D04-11EA-87CA-001999F8D30B:
The Asterisk project reports:
A remote authenticated Asterisk Manager Interface (AMI)
user without system authorization could use a specially
crafted Originate AMI request to execute arbitrary system
commands.
Solution(s)
freebsd-upgrade-package-asterisk13freebsd-upgrade-package-asterisk16
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.