CVE-2014-8418CVE-2014-8418

Affected configuration(s):

cpe:/a:digium:asterisk:1.8.32.0::~~lts~~~
cpe:/a:digium:asterisk:11.14.0::~~lts~~~
cpe:/a:digium:asterisk:12.7.0::~~standard~~~
cpe:/a:digium:certified_asterisk:1.8.28:cert1:~~lts~~~
cpe:/a:digium:certified_asterisk:1.8.28:cert2:~~lts~~~
cpe:/a:digium:certified_asterisk:1.8.28.0::~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert1:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert2:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert3:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert4:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert5:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert6:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6:cert7:~~lts~~~
cpe:/a:digium:certified_asterisk:11.6.0::~~lts~~~

Date published: 2014-11-24T10:59:10.157-05:00

Date last modified: 2014-11-25T15:14:26.783-05:00

CVSS Score: 9.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://downloads.asterisk.org/pub/security/AST-2014-018.html

Summary: The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.