Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-7617

Опубликовано: 10 апр. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Средний

Описание

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*
cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*
Версия до 13.13-cert2 (включая)

EPSS

Процентиль: 96%
0.22039
Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2017-7617

CVSS3: 8.8
ubuntu
почти 9 лет назад

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

debian логотип

CVE-2017-7617

CVSS3: 8.8
debian
почти 9 лет назад

Remote code execution can occur in Asterisk Open Source 13.x before 13 ...

github логотип

GHSA-fw6v-c6vw-rqq9

CVSS3: 8.8
github
больше 3 лет назад

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

EPSS

Процентиль: 96%
0.22039
Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-119