VIR Vulnerability Intelligence Relay

CVE-2014-4046

medium
Published 2014-06-17 · Modified 2026-05-06
CVSS v3
VIR risk
6.5

Description

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact
OSVersionStatusFixed in
debian debianbullseyefixed1:11.10.2~dfsg-1
debian debiansidfixed1:11.10.2~dfsg-1

Application impact
VendorProductVersionsFixed
digiumasterisk11.0.0
digiumasterisk11.0.1
digiumasterisk11.0.2
digiumasterisk11.1.0
digiumasterisk11.1.1
digiumasterisk11.1.2
digiumasterisk11.2.0
digiumasterisk11.3.0
digiumasterisk11.4.0
digiumasterisk11.5.0
digiumasterisk11.5.1
digiumasterisk11.8.0
digiumasterisk11.8.1
digiumasterisk11.9.0
digiumasterisk11.10.0
digiumasterisk12.0.0
digiumasterisk12.1.0
digiumasterisk12.1.1
digiumasterisk12.2.0
digiumasterisk12.3.0
digiumcertified_asterisk11.6
digiumcertified_asterisk11.6.0

References

💬 Discuss CVE-2014-4046 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.