Asterisk: Manager User Dialplan Permission Escalation


An Asterisk Manager User Dialplan Permission Escalation vulnerability in the Asterisk PBX was reported by Matt Jordan. This permission escalation bug, exploitable from remote authenticated sessions, was rated as a minor severity vulnerability.

Protocols such as the Asterisk Manager Interface (AMI), which offer external control, are often able to set and get channel variables, which in turn allows the execution of dialplan functions.

We all know the power of dialplan functions inside Asterisk. It is that power which allows us to build a plethora of Asterisk based applications. When functions that are allowed to do more (e.g. execute commands, change files, etc.) are executed from an external protocol, the execution can lead to undesirable results, such as a privilege escalation.

Asterisk can now inhibit the execution of these functions from external interfaces such as AMI, if live_dangerously in the [options] section of asterisk.conf is set to no. For backwards compatibility, live_dangerously defaults to yes, and must be explicitly set to no to enable this privilege escalation protection.
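Because the option defaults to yes, an audit of asterisk.conf has to treat a missing key as unprotected, not just an explicit "yes". The following Python check is an added example, not code from Asterisk or from this post; it assumes Asterisk's INI-like syntax (`[section]`, `key = value` or `key => value`, `;` comments) and the usual yes/true/on/1 family of true values. The two configs are constructed samples.

```python
"""Audit asterisk.conf for live_dangerously (added example, not Asterisk code)."""
import re

# Values assumed to be accepted as boolean true by Asterisk's config parser.
_TRUE_VALUES = {"yes", "true", "y", "t", "1", "on"}

def parse_asterisk_conf(text):
    """Minimal parser: [section] headers, 'key = value' / 'key => value',
    ';' comments. Later duplicates win. Names are lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        header = re.match(r"^\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None:                       # key outside any section
            continue
        kv = re.match(r"^([^=]+?)\s*=>?\s*(.*)$", line)
        if kv:
            sections[current][kv.group(1).strip().lower()] = kv.group(2).strip()
    return sections

def live_dangerously_state(text):
    """Return (state, raw_value) where state is 'yes', 'no' or 'default'.
    'default' means the key is absent, which Asterisk treats as yes."""
    opts = parse_asterisk_conf(text).get("options", {})
    if "live_dangerously" not in opts:
        return "default", None
    value = opts["live_dangerously"]
    return ("yes" if value.lower() in _TRUE_VALUES else "no"), value

def is_protected(text):
    """True only when live_dangerously is explicitly set to a false value."""
    return live_dangerously_state(text)[0] == "no"

# Constructed sample configs: the weak one relies on the default (yes).
WEAK_CONF = """
[directories]
astetcdir => /etc/asterisk
[options]
verbose = 3
; live_dangerously not set: defaults to yes
"""
HARDENED_CONF = """
[options]
verbose = 3
live_dangerously = no   ; block privileged dialplan functions via AMI
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        state, value = live_dangerously_state(conf)
        print(f"{name}: state={state} raw={value!r} protected={is_protected(conf)}")
```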