Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:MISC:SANGOMA-ASTERISKMGR-CE

Severity

 Critical

Recommended

 No

Category

 APP

Keywords

 Sangoma Asterisk manager.c Command Execution

Release Date

 2020/03/12

Update Number

 3262

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Sangoma Asterisk manager.c Command Execution


This signature detects attempts to exploit a known vulnerability against Sangoma Asterisk. A successful attack can lead to arbitrary code execution.

Extended Description

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

Affected Products

  • Debian debian_linux 8.0
  • Digium asterisk 13.0.0
  • Digium asterisk 13.0.1
  • Digium asterisk 13.0.2
  • Digium asterisk 13.1.0
  • Digium asterisk 13.10.0
  • Digium asterisk 13.1.1
  • Digium asterisk 13.11.0
  • Digium asterisk 13.11.1
  • Digium asterisk 13.11.2
  • Digium asterisk 13.12
  • Digium asterisk 13.12.0
  • Digium asterisk 13.12.1
  • Digium asterisk 13.12.2
  • Digium asterisk 13.13
  • Digium asterisk 13.13.0
  • Digium asterisk 13.13.1
  • Digium asterisk 13.14.0
  • Digium asterisk 13.14.1
  • Digium asterisk 13.15.0
  • Digium asterisk 13.15.1
  • Digium asterisk 13.16.0
  • Digium asterisk 13.17.0
  • Digium asterisk 13.17.1
  • Digium asterisk 13.17.2
  • Digium asterisk 13.18.0
  • Digium asterisk 13.18.1
  • Digium asterisk 13.18.2
  • Digium asterisk 13.18.3
  • Digium asterisk 13.18.4
  • Digium asterisk 13.18.5
  • Digium asterisk 13.19.0
  • Digium asterisk 13.19.1
  • Digium asterisk 13.19.2
  • Digium asterisk 13.2.0
  • Digium asterisk 13.20.0
  • Digium asterisk 13.2.1
  • Digium asterisk 13.21.0
  • Digium asterisk 13.21.1
  • Digium asterisk 13.22.0
  • Digium asterisk 13.23.0
  • Digium asterisk 13.23.1
  • Digium asterisk 13.28.0
  • Digium asterisk 13.28.1
  • Digium asterisk 13.29.1
  • Digium asterisk 13.3.0
  • Digium asterisk 13.3.1
  • Digium asterisk 13.3.2
  • Digium asterisk 13.4.0
  • Digium asterisk 13.5.0
  • Digium asterisk 13.6.0
  • Digium asterisk 13.7.0
  • Digium asterisk 13.7.1
  • Digium asterisk 13.7.2
  • Digium asterisk 13.8.0
  • Digium asterisk 13.8.1
  • Digium asterisk 13.8.2
  • Digium asterisk 13.9.0
  • Digium asterisk 13.9.1
  • Digium asterisk 16.0.0
  • Digium asterisk 16.0.1
  • Digium asterisk 16.1.0
  • Digium asterisk 16.2.0
  • Digium asterisk 16.2.1
  • Digium asterisk 16.3.0
  • Digium asterisk 16.4.0
  • Digium asterisk 16.4.1
  • Digium asterisk 16.5.0
  • Digium asterisk 16.5.1
  • Digium asterisk 16.6.0
  • Digium asterisk 16.6.1
  • Digium asterisk 17.0.0
  • Digium certified_asterisk 13.21.0

References

  • CVE: CVE-2019-18610

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out