"This means you activate the exploit before pre-authentication on the network and before any error handling occurs which makes it a really nice vulnerability to exploit; it is straightforward with only a few dependencies."

Boileau said it is a combination of two normal classes of vulnerabilities and when it is together provides the right root access.

"We have written the exploit internally and have no intention of releasing it. There is no public material available to use this as a functional exploit; however, there are some problems running this exploit in a production environment," he said.

"The proof of concept is exploitable and it would take a skilled black hat just a few days to make a reliable weaponized exploit for a script kiddie."

Boileau said use of Asterisk is not so common in the corporate analog phone space but is used heavily in the ISP and VOIP market.