Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-8412

Опубликовано: 24 нояб. 2014
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 1.8.0 (включая) до 1.8.32.1 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.14.1 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 12.0.0 (включая) до 12.7.1 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 13.0.0 (включая) до 13.0.1 (исключая)

EPSS

Процентиль: 69%
0.00597
Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2014-8412

ubuntu
около 11 лет назад

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

debian логотип

CVE-2014-8412

debian
около 11 лет назад

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Inte ...

github логотип

GHSA-hr4p-r869-mq9r

github
больше 3 лет назад

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

EPSS

Процентиль: 69%
0.00597
Низкий

5 Medium

CVSS2

Дефекты

CWE-264