CVE-2010-1224

Опубликовано: 01 апр. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.12:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.13:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.17:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.18:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.18:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.18:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.19:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.20:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.21:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.21:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.22:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.23:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.0.24:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.01

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2010-1224

ubuntu

больше 15 лет назад

CVE-2010-1224

debian

больше 15 лет назад

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x be ...

GHSA-97m6-wvfm-vj4p

github

больше 3 лет назад

EPSS

Процентиль: 76%

0.01

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264