What is the severity of CVE-2014-4046?

The severity of CVE-2014-4046 is classified as high due to the ability of authenticated users to execute arbitrary shell commands.

How do I fix CVE-2014-4046?

To fix CVE-2014-4046, upgrade to Asterisk version 11.10.1 or 12.3.1 or later.

Who is affected by CVE-2014-4046?

CVE-2014-4046 affects Asterisk Open Source versions prior to 11.10.1 and 12.3.1.

What types of actions can be exploited in CVE-2014-4046?

CVE-2014-4046 allows exploitation via the MixMonitor action, enabling arbitrary command execution.

What are the potential impacts of CVE-2014-4046?

The potential impacts of CVE-2014-4046 include loss of data integrity, unauthorized access, and complete system compromise.

Vulnerability/
CVE-2014-4046

medium

6.5

17/6/2014

9/10/2018

CVE-2014-4046

First published: Tue Jun 17 2014(Updated: )

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Asterisk	=11.0.0
Asterisk	=11.0.0-beta1
Asterisk	=11.0.0-beta2
Asterisk	=11.0.0-rc1
Asterisk	=11.0.0-rc2
Asterisk	=11.0.1
Asterisk	=11.0.2
Asterisk	=11.1.0
Asterisk	=11.1.0-rc1
Asterisk	=11.1.0-rc3
Asterisk	=11.1.1
Asterisk	=11.1.2
Asterisk	=11.2.0-rc1
Asterisk	=11.2.0-rc2
Asterisk	=11.3.0-rc1
Asterisk	=11.3.0-rc2
Asterisk	=11.4.0
Asterisk	=11.4.0-rc1
Asterisk	=11.4.0-rc2
Asterisk	=11.4.0-rc3
Asterisk	=11.5.0
Asterisk	=11.5.0-rc1
Asterisk	=11.5.0-rc2
Asterisk	=11.5.1
Asterisk	=11.8.0
Asterisk	=11.8.0-rc1
Asterisk	=11.8.0-rc2
Asterisk	=11.8.0-rc3
Asterisk	=11.8.1
Asterisk	=11.9.0
Asterisk	=11.9.0-rc1
Asterisk	=11.9.0-rc2
Asterisk	=11.10.0
Asterisk	=11.10.0-rc1
Asterisk	=12.0.0
Asterisk	=12.1.0
Asterisk	=12.1.0-rc1
Asterisk	=12.1.0-rc2
Asterisk	=12.1.0-rc3
Asterisk	=12.1.1
Asterisk	=12.2.0
Asterisk	=12.2.0-rc1
Asterisk	=12.2.0-rc2
Asterisk	=12.2.0-rc3
Asterisk	=12.3.0
Asterisk	=12.3.0-rc1
Asterisk	=12.3.0-rc2
Asterisk Certified Asterisk	=11.6-cert1
Asterisk Certified Asterisk	=11.6-cert1_rc1
Asterisk Certified Asterisk	=11.6-cert1_rc2
Asterisk Certified Asterisk	=11.6-cert2
Asterisk Certified Asterisk	=11.6.0
Asterisk Certified Asterisk	=11.6.0-rc1
Asterisk Certified Asterisk	=11.6.0-rc2

Remedy

http://downloads.asterisk.org/pub/security/AST-2014-006.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-4046?
The severity of CVE-2014-4046 is classified as high due to the ability of authenticated users to execute arbitrary shell commands.
How do I fix CVE-2014-4046?
To fix CVE-2014-4046, upgrade to Asterisk version 11.10.1 or 12.3.1 or later.
Who is affected by CVE-2014-4046?
CVE-2014-4046 affects Asterisk Open Source versions prior to 11.10.1 and 12.3.1.
What types of actions can be exploited in CVE-2014-4046?
CVE-2014-4046 allows exploitation via the MixMonitor action, enabling arbitrary command execution.
What are the potential impacts of CVE-2014-4046?
The potential impacts of CVE-2014-4046 include loss of data integrity, unauthorized access, and complete system compromise.

agent/type
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/references
agent/remedy
agent/author
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/digium
canonical/asterisk
version/asterisk/11.0.0
version/asterisk/11.0.0-beta1
version/asterisk/11.0.0-beta2
version/asterisk/11.0.0-rc1
version/asterisk/11.0.0-rc2
version/asterisk/11.0.1
version/asterisk/11.0.2
version/asterisk/11.1.0
version/asterisk/11.1.0-rc1
version/asterisk/11.1.0-rc3
version/asterisk/11.1.1
version/asterisk/11.1.2
version/asterisk/11.2.0-rc1
version/asterisk/11.2.0-rc2
version/asterisk/11.3.0-rc1
version/asterisk/11.3.0-rc2
version/asterisk/11.4.0
version/asterisk/11.4.0-rc1
version/asterisk/11.4.0-rc2
version/asterisk/11.4.0-rc3
version/asterisk/11.5.0
version/asterisk/11.5.0-rc1
version/asterisk/11.5.0-rc2
version/asterisk/11.5.1
version/asterisk/11.8.0
version/asterisk/11.8.0-rc1
version/asterisk/11.8.0-rc2
version/asterisk/11.8.0-rc3
version/asterisk/11.8.1
version/asterisk/11.9.0
version/asterisk/11.9.0-rc1
version/asterisk/11.9.0-rc2
version/asterisk/11.10.0
version/asterisk/11.10.0-rc1
version/asterisk/12.0.0
version/asterisk/12.1.0
version/asterisk/12.1.0-rc1
version/asterisk/12.1.0-rc2
version/asterisk/12.1.0-rc3
version/asterisk/12.1.1
version/asterisk/12.2.0
version/asterisk/12.2.0-rc1
version/asterisk/12.2.0-rc2
version/asterisk/12.2.0-rc3
version/asterisk/12.3.0
version/asterisk/12.3.0-rc1
version/asterisk/12.3.0-rc2
canonical/asterisk certified asterisk
version/asterisk certified asterisk/11.6-cert1
version/asterisk certified asterisk/11.6-cert1_rc1
version/asterisk certified asterisk/11.6-cert1_rc2
version/asterisk certified asterisk/11.6-cert2
version/asterisk certified asterisk/11.6.0
version/asterisk certified asterisk/11.6.0-rc1
version/asterisk certified asterisk/11.6.0-rc2

CVE-2014-4046

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-4046?

How do I fix CVE-2014-4046?

Who is affected by CVE-2014-4046?

What types of actions can be exploited in CVE-2014-4046?

What are the potential impacts of CVE-2014-4046?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-4046?

How do I fix CVE-2014-4046?

Who is affected by CVE-2014-4046?

What types of actions can be exploited in CVE-2014-4046?

What are the potential impacts of CVE-2014-4046?