CVE-2007-1595
published 2007-03-22
Priority: P338, high, 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.60% (83.4th percentile)
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | asterisk | — | — |
| asterisk | asterisk | >= 0 < 1:1.4.0~dfsg-1 | 1:1.4.0~dfsg-1 |
| debian | asterisk | < asterisk 1:1.4.0~dfsg-1 (bullseye) | asterisk 1:1.4.0~dfsg-1 (bullseye) |
CVSS provenance
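| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |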
Debian
CVE-2007-1595: asterisk - The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not prop...
vendor_debian·2007·CVSS 7.5
Scope: local
bullseye: resolved (fixed in 1:1.4.0~dfsg-1)
sid: resolved (fixed in 1:1.4.0~dfsg-1)
GHSA
GHSA-2h5w-3h6g-pgqq: The Asterisk Extension Language (AEL) in pbx/pbx_ael
ghsa_unreviewed·2022-05-01
OSV
CVE-2007-1595: The Asterisk Extension Language (AEL) in pbx/pbx_ael
osv·2007-03-22·CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.digium.com/view.php?id=9316
http://secunia.com/advisories/24694
http://secunia.com/advisories/25582
http://svn.digium.com/view/asterisk?rev=59073&view=rev
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
http://www.securityfocus.com/bid/23155
http://www.vupen.com/english/advisories/2007/1123