|Category:||Access Control Error|
Published on 24/11/14 - Updated on 25/11/14
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 184.108.40.206, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
No exploits available for this CVE in our database.