CVE-2014-8417CVE-2014-8417

Affected configuration(s):

cpe:/a:digium:asterisk:11.14.0::~~lts~~~
cpe:/a:digium:asterisk:12.7.0::~~standard~~~
cpe:/a:digium:asterisk:13.0.0::~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert1:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert2:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert3:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert4:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert5:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert6:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert7:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6.0::~~lts~~~

Date published: 2014-11-24T10:59:09.343-05:00

Date last modified: 2014-11-25T15:12:57.917-05:00

CVSS Score: 6.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://downloads.asterisk.org/pub/security/AST-2014-017.html

Summary: ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.