Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:DIGIUM-ASTERISK-MGR-CMDEXEC

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Digium Asterisk Manager User Shell Command Execution

Release Date

 2013/01/07

Update Number

 2222

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Digium Asterisk Manager User Shell Command Execution


This signature detects attempts to exploit a known vulnerability against Digium Asterisk. A successful attack can lead to arbitrary script code execution within the context of the vulnerable application.

Extended Description

Asterisk is prone to a security-bypass vulnerability that affects the manager interface. An attacker can exploit this issue to bypass certain security restrictions and execute shell commands within the context of the affected application.

Affected Products

  • Asterisk asterisk 10.0
  • Asterisk asterisk 10.0.0
  • Asterisk asterisk 10.0.1
  • Asterisk asterisk 10.2.0
  • Asterisk asterisk 10.2.1
  • Asterisk asterisk 10.3.0
  • Asterisk asterisk 1.6.2
  • Asterisk asterisk 1.6.2.15.1
  • Asterisk asterisk 1.6.2.16.1
  • Asterisk asterisk 1.6.2.16.2
  • Asterisk asterisk 1.6.2.17.1
  • Asterisk asterisk 1.6.2.17.3
  • Asterisk asterisk 1.6.2.18.1
  • Asterisk asterisk 1.6.2.18.2
  • Asterisk asterisk 1.6.2.2
  • Asterisk asterisk 1.6.2.20
  • Asterisk asterisk 1.6.2.21
  • Asterisk asterisk 1.6.2.22
  • Asterisk asterisk 1.6.2.23
  • Asterisk asterisk 1.6.2.5
  • Asterisk asterisk 1.8
  • Asterisk asterisk 1.8.0
  • Asterisk asterisk 1.8.1
  • Asterisk asterisk 1.8.10.0
  • Asterisk asterisk 1.8.10.1
  • Asterisk asterisk 1.8.11.0
  • Asterisk asterisk 1.8.1.2
  • Asterisk asterisk 1.8.2.1
  • Asterisk asterisk 1.8.2.4
  • Asterisk asterisk 1.8.3.1
  • Asterisk asterisk 1.8.3.3
  • Asterisk asterisk 1.8.4.1
  • Asterisk asterisk 1.8.4 2
  • Asterisk asterisk 1.8.4.3
  • Asterisk asterisk 1.8.4.4
  • Asterisk asterisk 1.8.7.1
  • Asterisk asterisk 1.8.7.2
  • Asterisk asterisk 1.8.8.2
  • Asterisk asterisk_business_edition C.3.1.0
  • Asterisk asterisk_business_edition C.3.1 1
  • Asterisk asterisk_business_edition C.3.2 2
  • Asterisk asterisk_business_edition C.3.2 3
  • Asterisk asterisk_business_edition C.3.3.2
  • Asterisk asterisk_business_edition C.3.6.2
  • Asterisk asterisk_business_edition C.3.6.3
  • Asterisk asterisk_business_edition C.3.6.4
  • Asterisk asterisk_business_edition C.3.7.3
  • Debian linux 6.0 amd64
  • Debian linux 6.0 arm
  • Debian linux 6.0 ia-32
  • Debian linux 6.0 ia-64
  • Debian linux 6.0 mips
  • Debian linux 6.0 powerpc
  • Debian linux 6.0 s/390
  • Debian linux 6.0 sparc
  • Gentoo linux
  • Red_hat fedora 15
  • Red_hat fedora 16
  • Red_hat fedora 17

References

  • BugTraq: 53206
  • CVE: CVE-2012-2414

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out