FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- AMI user could execute system commands

Affected packages
asterisk13 < 13.29.2
asterisk16 < 16.6.2


VuXML ID 49b61ab6-0d04-11ea-87ca-001999f8d30b
Discovery 2019-10-10
Entry 2019-11-22

The Asterisk project reports:

A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.


CVE Name CVE-2019-18610