CVE-2017-14100CVE-2017-14100

Affected configuration(s):

cpe:/a:digium:asterisk:11.0.0
cpe:/a:digium:asterisk:11.0.0:beta1
cpe:/a:digium:asterisk:11.0.0:beta2
cpe:/a:digium:asterisk:11.0.0:rc1
cpe:/a:digium:asterisk:11.0.0:rc2
cpe:/a:digium:asterisk:11.0.1
cpe:/a:digium:asterisk:11.0.2
cpe:/a:digium:asterisk:11.1.0
cpe:/a:digium:asterisk:11.1.0:rc1
cpe:/a:digium:asterisk:11.1.0:rc2
cpe:/a:digium:asterisk:11.1.0:rc3
cpe:/a:digium:asterisk:11.1.1
cpe:/a:digium:asterisk:11.1.2
cpe:/a:digium:asterisk:11.2.0:rc1
cpe:/a:digium:asterisk:11.2.1
cpe:/a:digium:asterisk:11.2.2
cpe:/a:digium:asterisk:11.4.0:rc4
cpe:/a:digium:asterisk:11.6.0
cpe:/a:digium:asterisk:11.6.0:rc1
cpe:/a:digium:asterisk:11.6.0:rc2
cpe:/a:digium:asterisk:11.6.1
cpe:/a:digium:asterisk:11.7.0
cpe:/a:digium:asterisk:11.7.0:rc1
cpe:/a:digium:asterisk:11.7.0:rc2
cpe:/a:digium:asterisk:11.8.0:-
cpe:/a:digium:asterisk:11.8.0:rc1
cpe:/a:digium:asterisk:11.8.0:rc2
cpe:/a:digium:asterisk:11.8.0:rc3
cpe:/a:digium:asterisk:11.8.1
cpe:/a:digium:asterisk:11.9.0
cpe:/a:digium:asterisk:11.9.0:rc1
cpe:/a:digium:asterisk:11.9.0:rc2
cpe:/a:digium:asterisk:11.9.0:rc3
cpe:/a:digium:asterisk:11.10.0
cpe:/a:digium:asterisk:11.10.0:rc1
cpe:/a:digium:asterisk:11.10.1
cpe:/a:digium:asterisk:11.10.1:rc1
cpe:/a:digium:asterisk:11.10.2
cpe:/a:digium:asterisk:11.11.0
cpe:/a:digium:asterisk:11.11.0:rc1
cpe:/a:digium:asterisk:11.12.0
cpe:/a:digium:asterisk:11.12.0:rc1
cpe:/a:digium:asterisk:11.12.1
cpe:/a:digium:asterisk:11.13.0
cpe:/a:digium:asterisk:11.13.0:rc1
cpe:/a:digium:asterisk:11.13.1
cpe:/a:digium:asterisk:11.14.0::~~lts~~~
cpe:/a:digium:asterisk:11.14.0:rc1
cpe:/a:digium:asterisk:11.14.0:rc2
cpe:/a:digium:asterisk:11.14.1
cpe:/a:digium:asterisk:11.14.2
cpe:/a:digium:asterisk:11.15.0:rc1
cpe:/a:digium:asterisk:11.15.0:rc2
cpe:/a:digium:asterisk:11.15.1
cpe:/a:digium:asterisk:11.16.0:rc1
cpe:/a:digium:asterisk:11.17.0:rc1
cpe:/a:digium:asterisk:11.17.1
cpe:/a:digium:asterisk:11.18.0
cpe:/a:digium:asterisk:11.18.0:rc1
cpe:/a:digium:asterisk:11.19.0:rc1
cpe:/a:digium:asterisk:11.20.0:rc1
cpe:/a:digium:asterisk:11.21.0:rc1
cpe:/a:digium:asterisk:11.21.0:rc2
cpe:/a:digium:asterisk:11.21.1
cpe:/a:digium:asterisk:11.21.2
cpe:/a:digium:asterisk:11.22.0
cpe:/a:digium:asterisk:11.22.0:rc1
cpe:/a:digium:asterisk:11.23.0
cpe:/a:digium:asterisk:11.23.0:rc1
cpe:/a:digium:asterisk:11.23.1
cpe:/a:digium:asterisk:11.24.0
cpe:/a:digium:asterisk:11.24.1
cpe:/a:digium:asterisk:11.25.0
cpe:/a:digium:asterisk:11.25.1
cpe:/a:digium:asterisk:13.0.0::~~lts~~~
cpe:/a:digium:asterisk:13.0.0:beta1
cpe:/a:digium:asterisk:13.0.0:beta2
cpe:/a:digium:asterisk:13.0.0:beta3
cpe:/a:digium:asterisk:13.0.1
cpe:/a:digium:asterisk:13.0.2
cpe:/a:digium:asterisk:13.1.0
cpe:/a:digium:asterisk:13.1.0:rc1
cpe:/a:digium:asterisk:13.1.0:rc2
cpe:/a:digium:asterisk:13.1.1
cpe:/a:digium:asterisk:13.2.0
cpe:/a:digium:asterisk:13.2.0:rc1
cpe:/a:digium:asterisk:13.2.1
cpe:/a:digium:asterisk:13.3.0:rc1
cpe:/a:digium:asterisk:13.3.2
cpe:/a:digium:asterisk:13.4.0
cpe:/a:digium:asterisk:13.4.0:rc1
cpe:/a:digium:asterisk:13.5.0
cpe:/a:digium:asterisk:13.5.0:rc1
cpe:/a:digium:asterisk:13.6.0:rc1
cpe:/a:digium:asterisk:13.7.0:rc1
cpe:/a:digium:asterisk:13.7.0:rc2
cpe:/a:digium:asterisk:13.7.1
cpe:/a:digium:asterisk:13.7.2
cpe:/a:digium:asterisk:13.8.0
cpe:/a:digium:asterisk:13.8.0:rc1
cpe:/a:digium:asterisk:13.8.1
cpe:/a:digium:asterisk:13.8.2
cpe:/a:digium:asterisk:13.9.0
cpe:/a:digium:asterisk:13.9.1
cpe:/a:digium:asterisk:13.10.0
cpe:/a:digium:asterisk:13.10.0:rc1
cpe:/a:digium:asterisk:13.11.0
cpe:/a:digium:asterisk:13.11.1
cpe:/a:digium:asterisk:13.11.2
cpe:/a:digium:asterisk:13.12
cpe:/a:digium:asterisk:13.12.0
cpe:/a:digium:asterisk:13.12.1
cpe:/a:digium:asterisk:13.12.2
cpe:/a:digium:asterisk:13.13
cpe:/a:digium:asterisk:13.13.0
cpe:/a:digium:asterisk:13.13.1
cpe:/a:digium:asterisk:13.14.0
cpe:/a:digium:asterisk:13.14.0:rc1
cpe:/a:digium:asterisk:13.14.0:rc2
cpe:/a:digium:asterisk:13.14.1
cpe:/a:digium:asterisk:13.15.0
cpe:/a:digium:asterisk:13.15.0:rc1
cpe:/a:digium:asterisk:13.15.0:rc2
cpe:/a:digium:asterisk:13.15.0:rc3
cpe:/a:digium:asterisk:13.15.1
cpe:/a:digium:asterisk:13.16.0
cpe:/a:digium:asterisk:13.16.0:rc1
cpe:/a:digium:asterisk:13.16.0:rc2
cpe:/a:digium:asterisk:13.17.0
cpe:/a:digium:asterisk:13.17.0:rc1
cpe:/a:digium:asterisk:14.0
cpe:/a:digium:asterisk:14.0.0
cpe:/a:digium:asterisk:14.0.0:beta1
cpe:/a:digium:asterisk:14.0.0:beta2
cpe:/a:digium:asterisk:14.0.0:rc1
cpe:/a:digium:asterisk:14.0.0:rc2
cpe:/a:digium:asterisk:14.0.1
cpe:/a:digium:asterisk:14.0.2
cpe:/a:digium:asterisk:14.01
cpe:/a:digium:asterisk:14.1.0
cpe:/a:digium:asterisk:14.1.1
cpe:/a:digium:asterisk:14.1.2
cpe:/a:digium:asterisk:14.2
cpe:/a:digium:asterisk:14.2.0
cpe:/a:digium:asterisk:14.2.1
cpe:/a:digium:asterisk:14.3.0
cpe:/a:digium:asterisk:14.3.0:rc1
cpe:/a:digium:asterisk:14.3.0:rc2
cpe:/a:digium:asterisk:14.3.1
cpe:/a:digium:asterisk:14.4.0
cpe:/a:digium:asterisk:14.4.0:rc1
cpe:/a:digium:asterisk:14.4.0:rc2
cpe:/a:digium:asterisk:14.4.0:rc3
cpe:/a:digium:asterisk:14.4.1
cpe:/a:digium:asterisk:14.5.0
cpe:/a:digium:asterisk:14.5.0:rc1
cpe:/a:digium:asterisk:14.5.0:rc2
cpe:/a:digium:asterisk:14.6.0
cpe:/a:digium:asterisk:14.6.0:rc1
cpe:/a:digium:certified_asterisk:11.6:cert1
cpe:/a:digium:certified_asterisk:11.6:cert10
cpe:/a:digium:certified_asterisk:11.6:cert11
cpe:/a:digium:certified_asterisk:11.6:cert12
cpe:/a:digium:certified_asterisk:11.6:cert13
cpe:/a:digium:certified_asterisk:11.6:cert14
cpe:/a:digium:certified_asterisk:11.6:cert14_rc1
cpe:/a:digium:certified_asterisk:11.6:cert14_rc2
cpe:/a:digium:certified_asterisk:11.6:cert15
cpe:/a:digium:certified_asterisk:11.6:cert16
cpe:/a:digium:certified_asterisk:11.6:cert1_rc1
cpe:/a:digium:certified_asterisk:11.6:cert1_rc2
cpe:/a:digium:certified_asterisk:11.6:cert2
cpe:/a:digium:certified_asterisk:11.6:cert3
cpe:/a:digium:certified_asterisk:11.6:cert4
cpe:/a:digium:certified_asterisk:11.6:cert5
cpe:/a:digium:certified_asterisk:11.6:cert6
cpe:/a:digium:certified_asterisk:11.6:cert7
cpe:/a:digium:certified_asterisk:11.6:cert8
cpe:/a:digium:certified_asterisk:11.6:cert9
cpe:/a:digium:certified_asterisk:13.13:cert1
cpe:/a:digium:certified_asterisk:13.13:cert1_rc1
cpe:/a:digium:certified_asterisk:13.13:cert1_rc2
cpe:/a:digium:certified_asterisk:13.13:cert1_rc3
cpe:/a:digium:certified_asterisk:13.13:cert1_rc4
cpe:/a:digium:certified_asterisk:13.13:cert2
cpe:/a:digium:certified_asterisk:13.13:cert3
cpe:/a:digium:certified_asterisk:13.13:cert4

Date published: 2017-09-02T12:29:00.333-04:00

Date last modified: 2017-11-03T21:29:35.553-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://downloads.asterisk.org/pub/security/AST-2017-006.html

Summary: In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an “externnotify” program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.