CVE-2010-0685
published 2010-02-23CVE-2010-0685: The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.38%
68.7th percentile
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
Affected
99 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.6.2.6-1 (bullseye) | asterisk 1:1.6.2.6-1 (bullseye) |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2010-0685: asterisk - The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, a...
vendor_debian·2010·CVSS 5.0
CVE-2010-0685 [MEDIUM] CVE-2010-0685: asterisk - The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, a...
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
Scope: local
bullseye: resolved (fixed in 1:1.6.2.6-1)
sid: resolved (fixed in 1:1.6.2.6-1)
GHSA
GHSA-2w2c-jqh6-rwvr: The design of the dialplan functionality in Asterisk Open Source 1
ghsa_unreviewed·2022-05-02
CVE-2010-0685 [MEDIUM] GHSA-2w2c-jqh6-rwvr: The design of the dialplan functionality in Asterisk Open Source 1
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
OSV
CVE-2010-0685: The design of the dialplan functionality in Asterisk Open Source 1
osv·2010-02-23·CVSS 5.0
CVE-2010-0685 [MEDIUM] CVE-2010-0685: The design of the dialplan functionality in Asterisk Open Source 1
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://downloads.digium.com/pub/security/AST-2010-002.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.htmlhttp://secunia.com/advisories/38641http://secunia.com/advisories/39096http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txthttp://www.securityfocus.com/archive/1/509608/100/0/threadedhttp://www.securitytracker.com/id?1023637http://www.vupen.com/english/advisories/2010/0439https://exchange.xforce.ibmcloud.com/vulnerabilities/56397http://downloads.digium.com/pub/security/AST-2010-002.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.htmlhttp://secunia.com/advisories/38641http://secunia.com/advisories/39096http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txthttp://www.securityfocus.com/archive/1/509608/100/0/threadedhttp://www.securitytracker.com/id?1023637http://www.vupen.com/english/advisories/2010/0439https://exchange.xforce.ibmcloud.com/vulnerabilities/56397
2010-02-23
Published