Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-8418

Опубликовано: 24 нояб. 2014
Источник: nvd
CVSS2: 9
EPSS Низкий

Описание

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 1.8.0 (включая) до 1.8.32.0 (включая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.14.1 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 12.0.0 (включая) до 12.7.1 (исключая)

EPSS

Процентиль: 79%
0.01284
Низкий

9 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2014-8418

ubuntu
около 11 лет назад

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

debian логотип

CVE-2014-8418

debian
около 11 лет назад

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, ...

github логотип

GHSA-frq6-gwgr-x69w

github
больше 3 лет назад

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

EPSS

Процентиль: 79%
0.01284
Низкий

9 Critical

CVSS2

Дефекты

CWE-264