CVE-2012-2414

main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.

  • Published: Apr 30, 2012
  • Updated: Apr 13, 2023
  • CVE: CVE-2012-2414
  • Severity: Medium

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

Software From Fixed in
asterisk / open_source 1.6.2.0-rc4 1.6.2.0-rc4.x
asterisk / open_source 1.6.2.15.1 1.6.2.15.1.x
asterisk / open_source 1.6.2.10-rc1 1.6.2.10-rc1.x
asterisk / open_source 1.6.2.9-rc3 1.6.2.9-rc3.x
asterisk / open_source 1.6.2.17-rc1 1.6.2.17-rc1.x
asterisk / open_source 1.6.2.1 1.6.2.1.x
asterisk / open_source 1.6.2.2 1.6.2.2.x
asterisk / open_source 1.6.2.14 1.6.2.14.x
asterisk / open_source 1.6.2.17-rc3 1.6.2.17-rc3.x
asterisk / open_source 1.6.2.22 1.6.2.22.x
asterisk / open_source 1.6.2.8 1.6.2.8.x
asterisk / open_source 1.6.2.13 1.6.2.13.x
asterisk / open_source 1.6.2.15-rc1 1.6.2.15-rc1.x
asterisk / open_source 1.6.2.7-rc2 1.6.2.7-rc2.x
asterisk / open_source 1.6.2.9 1.6.2.9.x
asterisk / open_source 1.6.2.16-rc1 1.6.2.16-rc1.x
asterisk / open_source 1.6.2.7-rc1 1.6.2.7-rc1.x
asterisk / open_source 1.6.2.17.1 1.6.2.17.1.x
asterisk / open_source 1.6.2.0-rc8 1.6.2.0-rc8.x
asterisk / open_source 1.6.2.19-rc1 1.6.2.19-rc1.x
asterisk / open_source 1.6.2.15 1.6.2.15.x
asterisk / open_source 1.6.2.1-rc1 1.6.2.1-rc1.x
asterisk / open_source 1.6.2.6 1.6.2.6.x
asterisk / open_source 1.6.2.0-rc2 1.6.2.0-rc2.x
asterisk / open_source 1.6.2.6-rc2 1.6.2.6-rc2.x
asterisk / open_source 1.6.2.18.2 1.6.2.18.2.x
asterisk / open_source 1.6.2.7 1.6.2.7.x
asterisk / open_source 1.6.2.4 1.6.2.4.x
asterisk / open_source 1.6.2.19 1.6.2.19.x
asterisk / open_source 1.6.2.3-rc2 1.6.2.3-rc2.x
asterisk / open_source 1.6.2.16 1.6.2.16.x
asterisk / open_source 1.6.2.23 1.6.2.23.x
asterisk / open_source 1.6.2.14-rc1 1.6.2.14-rc1.x
asterisk / open_source 1.6.2.11-rc1 1.6.2.11-rc1.x
asterisk / open_source 1.6.2.18 1.6.2.18.x
asterisk / open_source 1.6.2.16.2 1.6.2.16.2.x
asterisk / open_source 1.6.2.18-rc1 1.6.2.18-rc1.x
asterisk / open_source 1.6.2.0-rc3 1.6.2.0-rc3.x
asterisk / open_source 1.6.2.9-rc2 1.6.2.9-rc2.x
asterisk / open_source 1.6.2.20 1.6.2.20.x
asterisk / open_source 1.6.2.11 1.6.2.11.x
asterisk / open_source 1.6.2.0-rc5 1.6.2.0-rc5.x
asterisk / open_source 1.6.2.10 1.6.2.10.x
asterisk / open_source 1.6.2.7-rc3 1.6.2.7-rc3.x
asterisk / open_source 1.6.2.6-rc1 1.6.2.6-rc1.x
asterisk / open_source 1.6.2.8-rc1 1.6.2.8-rc1.x
asterisk / open_source 1.6.2.17-rc2 1.6.2.17-rc2.x
asterisk / open_source 1.6.2.5 1.6.2.5.x
asterisk / open_source 1.6.2.17.2 1.6.2.17.2.x
asterisk / open_source 1.6.2.12 1.6.2.12.x
asterisk / open_source 1.6.2.11-rc2 1.6.2.11-rc2.x
asterisk / open_source 1.6.2.17 1.6.2.17.x
asterisk / open_source 1.6.2.9-rc1 1.6.2.9-rc1.x
asterisk / open_source 1.6.2.21 1.6.2.21.x
asterisk / open_source 1.6.2.17.3 1.6.2.17.3.x
asterisk / open_source 1.6.2.16.1 1.6.2.16.1.x
asterisk / open_source 1.6.2.12-rc1 1.6.2.12-rc1.x
asterisk / open_source 1.6.2.18.1 1.6.2.18.1.x
asterisk / open_source 1.6.2.0-rc7 1.6.2.0-rc7.x
asterisk / open_source 1.6.2.10-rc2 1.6.2.10-rc2.x
asterisk / open_source 1.6.2.0-rc6 1.6.2.0-rc6.x
asterisk / open_source 1.6.2.0 1.6.2.0.x
asterisk / open_source 1.8.10.0-rc1 1.8.10.0-rc1.x
asterisk / open_source 1.8.0-beta1 1.8.0-beta1.x
asterisk / open_source 1.8.3 1.8.3.x
asterisk / open_source 1.8.8.1 1.8.8.1.x
asterisk / open_source 1.8.1-rc1 1.8.1-rc1.x
asterisk / open_source 1.8.0-rc2 1.8.0-rc2.x
asterisk / open_source 1.8.9.0-rc1 1.8.9.0-rc1.x
asterisk / open_source 1.8.10.0-rc2 1.8.10.0-rc2.x
asterisk / open_source 1.8.0-rc3 1.8.0-rc3.x
asterisk / open_source 1.8.8.0-rc4 1.8.8.0-rc4.x
asterisk / open_source 1.8.0-beta2 1.8.0-beta2.x
asterisk / open_source 1.8.4.4 1.8.4.4.x
asterisk / open_source 1.8.8.0-rc3 1.8.8.0-rc3.x
asterisk / open_source 1.8.3-rc3 1.8.3-rc3.x
asterisk / open_source 1.8.11.0-rc3 1.8.11.0-rc3.x
asterisk / open_source 1.8.2.3 1.8.2.3.x
asterisk / open_source 1.8.9.0-rc2 1.8.9.0-rc2.x
asterisk / open_source 1.8.7.2 1.8.7.2.x
asterisk / open_source 1.8.9.2 1.8.9.2.x
asterisk / open_source 1.8.0-beta3 1.8.0-beta3.x
asterisk / open_source 1.8.4-rc1 1.8.4-rc1.x
asterisk / open_source 1.8.9.3 1.8.9.3.x
asterisk / open_source 1.8.6.0-rc3 1.8.6.0-rc3.x
asterisk / open_source 1.8.6.0-rc2 1.8.6.0-rc2.x
asterisk / open_source 1.8.7.0-rc2 1.8.7.0-rc2.x
asterisk / open_source 1.8.10.0-rc3 1.8.10.0-rc3.x
asterisk / open_source 1.8.3-rc2 1.8.3-rc2.x
asterisk / open_source 1.8.3.3 1.8.3.3.x
asterisk / open_source 1.8.8.0-rc1 1.8.8.0-rc1.x
asterisk / open_source 1.8.6.0 1.8.6.0.x
asterisk / open_source 1.8.8.0-rc2 1.8.8.0-rc2.x
asterisk / open_source 1.8.4.3 1.8.4.3.x
asterisk / open_source 1.8.5.0 1.8.5.0.x
asterisk / open_source 1.8.4.2 1.8.4.2.x
asterisk / open_source 1.8.9.0-rc3 1.8.9.0-rc3.x
asterisk / open_source 1.8.7.0 1.8.7.0.x
asterisk / open_source 1.8.2.4 1.8.2.4.x
asterisk / open_source 1.8.4.1 1.8.4.1.x
asterisk / open_source 1.8.2 1.8.2.x
asterisk / open_source 1.8.1.2 1.8.1.2.x
asterisk / open_source 1.8.0 1.8.0.x
asterisk / open_source 1.8.3-rc1 1.8.3-rc1.x
asterisk / open_source 1.8.10.0 1.8.10.0.x
asterisk / open_source 1.8.2.1 1.8.2.1.x
asterisk / open_source 1.8.8.0 1.8.8.0.x
asterisk / open_source 1.8.7.1 1.8.7.1.x
asterisk / open_source 1.8.1.1 1.8.1.1.x
asterisk / open_source 1.8.11.0-rc2 1.8.11.0-rc2.x
asterisk / open_source 1.8.7.0-rc1 1.8.7.0-rc1.x
asterisk / open_source 1.8.0-beta4 1.8.0-beta4.x
asterisk / open_source 1.8.8.0-rc5 1.8.8.0-rc5.x
asterisk / open_source 1.8.0-rc4 1.8.0-rc4.x
asterisk / open_source 1.8.4-rc3 1.8.4-rc3.x
asterisk / open_source 1.8.4-rc2 1.8.4-rc2.x
asterisk / open_source 1.8.0-rc5 1.8.0-rc5.x
asterisk / open_source 1.8.1 1.8.1.x
asterisk / open_source 1.8.9.1 1.8.9.1.x
asterisk / open_source 1.8.6.0-rc1 1.8.6.0-rc1.x
asterisk / open_source 1.8.10.1 1.8.10.1.x
asterisk / open_source 1.8.3.1 1.8.3.1.x
asterisk / open_source 1.8.9.0 1.8.9.0.x
asterisk / open_source 1.8.2-rc1 1.8.2-rc1.x
asterisk / open_source 1.8.10.0-rc4 1.8.10.0-rc4.x
asterisk / open_source 1.8.4 1.8.4.x
asterisk / open_source 1.8.3.2 1.8.3.2.x
asterisk / open_source 1.8.5-rc1 1.8.5-rc1.x
asterisk / open_source 1.8.2.2 1.8.2.2.x
asterisk / open_source 1.8.0-beta5 1.8.0-beta5.x
asterisk / open_source 1.8.8.2 1.8.8.2.x
asterisk / open_source 10.2.0-rc2 10.2.0-rc2.x
asterisk / open_source 10.3.0 10.3.0.x
asterisk / open_source 10.2.0-rc1 10.2.0-rc1.x
asterisk / open_source 10.3.0-rc3 10.3.0-rc3.x
asterisk / open_source 10.1.0 10.1.0.x
asterisk / open_source 10.2.1 10.2.1.x
asterisk / open_source 10.2.0-rc4 10.2.0-rc4.x
asterisk / open_source 10.3.0-rc2 10.3.0-rc2.x
asterisk / open_source 10.1.0-rc1 10.1.0-rc1.x
asterisk / open_source 10.0.0 10.0.0.x
asterisk / open_source 10.2.0-rc3 10.2.0-rc3.x
asterisk / open_source 10.1.1 10.1.1.x
asterisk / open_source 10.0.0-beta1 10.0.0-beta1.x
asterisk / open_source 10.2.0 10.2.0.x
asterisk / open_source 10.0.0-rc2 10.0.0-rc2.x
asterisk / open_source 10.1.2 10.1.2.x
asterisk / open_source 10.0.0-rc3 10.0.0-rc3.x
asterisk / open_source 10.1.0-rc2 10.1.0-rc2.x
asterisk / open_source 10.0.1 10.0.1.x
asterisk / open_source 10.0.0-rc1 10.0.0-rc1.x
asterisk / open_source 10.1.3 10.1.3.x
asterisk / open_source 10.0.0-beta2 10.0.0-beta2.x