FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- AMI user could execute system commands

Affected packages
asterisk13 < 13.29.2
asterisk16 < 16.6.2

Details

VuXML ID 49b61ab6-0d04-11ea-87ca-001999f8d30b
Discovery 2019-10-10
Entry 2019-11-22

The Asterisk project reports:

A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

References

CVE Name CVE-2019-18610
URL https://downloads.asterisk.org/pub/security/AST-2019-007.html