← back
CVE-2013-4468

CVE-2013-4468

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 32%
from disclosure to weapon0 days
Published on NVDMay 14
1st PoCNov 8
metasploitOct 23
exploitation probability
32%top 2% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.