exploitDog

CVE-2017-14001

Опубликовано: 26 сент. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

Ссылки

http://www.securityfocus.com/bid/100950
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-03
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/100950
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:digium:asterisk_gui:*:*:*:*:*:*:*:*

Версия до 2.1.0 (включая)

EPSS

Процентиль: 82%

0.01654

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-6j77-p2p8-fv4q

CVSS3: 8.8

github

больше 3 лет назад

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

EPSS

Процентиль: 82%

0.01654

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

CWE-78