Asterisk PBX_AEL.C Switch Blocks Security Bypass Vulnerability

Asterisk PBX is prone to a security-bypass vulnerability because the Asterisk Extension Language (AEL) fails to securely generate extensions when compiling arbitrary labels.

An attacker can exploit this issue to bypass security restrictions. The attacker may then be able to access sensitive information and to change user settings.

This issue affects versions in the 1.2.0 and 1.4.0 branches.

This issue affects all versions in the following branches:

1.2.x
1.4.x


 

Copyright 2010, SecurityFocus