CVE-2010-1224
Published 2010-04-01
Priority P427 · medium · CVSS 2.0 base score 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS 3.55% (87.8th percentile)
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
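The mechanics behind "improper arithmetic shift" are worth seeing once, because the failure mode is the opposite of what an operator expects: a rule meant to match every host matches almost none. The example below is written for this page and is not Asterisk's acl.c. It converts a CIDR prefix length to a netmask by shifting 0xFFFFFFFF left by (32 - prefix); for "/0" that is a shift by 32, which C leaves undefined and which x86 executes as a shift by 0 because the count is masked to 5 bits. The `& 31` in `mask_buggy` models that hardware behaviour explicitly so the result is deterministic. The ACL walk assumes default-permit with the last matching rule winning (my reading of Asterisk's permit/deny semantics, stated here as an assumption), and the addresses and rule list are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustration written for this page; not Asterisk's own acl.c. It models how a
 * prefix-length-to-netmask conversion that shifts by (32 - prefix) misbehaves
 * for "/0", and how an ordered permit/deny list then lets outsiders through. */

typedef enum { DENY = 0, PERMIT = 1 } sense_t;

typedef struct {
    sense_t  sense;   /* permit= or deny= */
    uint32_t addr;    /* network address, host byte order */
    int      prefix;  /* CIDR prefix length, 0..32 */
} rule_t;

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Buggy conversion. For prefix 0 this shifts a 32-bit value by 32, which is
 * undefined behaviour in C. x86 masks the shift count to 5 bits, so the shift
 * becomes "<< 0" and the result is 0xFFFFFFFF: a /32 host mask instead of the
 * match-everything mask 0. The "& 31" models that hardware behaviour so the
 * outcome is deterministic rather than compiler-dependent. */
static uint32_t mask_buggy(int prefix) {
    return 0xFFFFFFFFu << ((32 - prefix) & 31);
}

/* Corrected conversion: handle the boundary prefixes without shifting by 32. */
static uint32_t mask_fixed(int prefix) {
    if (prefix <= 0)  return 0x00000000u;
    if (prefix >= 32) return 0xFFFFFFFFu;
    return 0xFFFFFFFFu << (32 - prefix);
}

/* Walk the rule list in order. Assumed semantics: default permit, and the
 * last matching rule wins. */
static sense_t apply_acl(const rule_t *rules, int n, uint32_t src,
                         uint32_t (*mask)(int)) {
    sense_t result = PERMIT;
    for (int i = 0; i < n; i++) {
        uint32_t m = mask(rules[i].prefix);
        if ((src & m) == (rules[i].addr & m))
            result = rules[i].sense;
    }
    return result;
}

/* Constructed sample config, the usual "deny everything, then permit the LAN":
 *   deny=0.0.0.0/0
 *   permit=192.168.1.0/24 */
static const rule_t lan_only[] = {
    { DENY,   IP4(0, 0, 0, 0),     0  },
    { PERMIT, IP4(192, 168, 1, 0), 24 },
};
#define LAN_ONLY_LEN ((int)(sizeof lan_only / sizeof lan_only[0]))

/* Returns 1 if src is permitted by lan_only under the chosen mask routine. */
int permitted(uint32_t src, int fixed) {
    return apply_acl(lan_only, LAN_ONLY_LEN, src,
                     fixed ? mask_fixed : mask_buggy) == PERMIT;
}

int main(void) {
    uint32_t outsider = IP4(203, 0, 113, 7);   /* documentation range, constructed */
    uint32_t lan_host = IP4(192, 168, 1, 10);
    printf("mask for /0: buggy=0x%08x fixed=0x%08x\n", mask_buggy(0), mask_fixed(0));
    printf("203.0.113.7 : buggy=%s fixed=%s\n",
           permitted(outsider, 0) ? "PERMIT" : "DENY",
           permitted(outsider, 1) ? "PERMIT" : "DENY");
    printf("192.168.1.10: buggy=%s fixed=%s\n",
           permitted(lan_host, 0) ? "PERMIT" : "DENY",
           permitted(lan_host, 1) ? "PERMIT" : "DENY");
    return 0;
}
```

With the buggy mask the `deny=0.0.0.0/0` rule only matches the literal address 0.0.0.0, so 203.0.113.7 falls through to the default and is permitted; with the fixed mask it is denied while 192.168.1.10 still passes. Since the description ties the bug to the "/0" prefix-length form, a dotted-quad mask (`deny=0.0.0.0/0.0.0.0`) does not exercise this shift; confirm that against the AST-2010-003 advisory linked below before relying on it as a stopgap, and audit every `permit=`/`deny=` line (sip.conf, iax.conf, manager.conf and similar) for a trailing `/0`.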
Affected
46 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < 1:1.6.2.6-1 (bullseye) | 1:1.6.2.6-1 (bullseye) |
| digium | asterisk | — (24 listed entries carry no version data) | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
Debian
CVE-2010-1224 [MEDIUM] · asterisk (vendor_debian · 2010 · CVSS 4.3)
Description: same as the NVD text above.
Scope: local
bullseye: resolved (fixed in 1:1.6.2.6-1)
sid: resolved (fixed in 1:1.6.2.6-1)
GHSA
GHSA-97m6-wvfm-vj4p [MEDIUM] · main/acl (ghsa_unreviewed · 2022-05-02)
Description: same as the NVD text above.
OSV
CVE-2010-1224 [MEDIUM] · main/acl (osv · 2010-04-01 · CVSS 4.3)
Description: same as the NVD text above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2010-003.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
http://osvdb.org/62588
http://secunia.com/advisories/38752
http://secunia.com/advisories/39096
http://www.securityfocus.com/archive/1/509757/100/0/threaded
http://www.securityfocus.com/bid/38424
http://www.vupen.com/english/advisories/2010/0475
https://exchange.xforce.ibmcloud.com/vulnerabilities/56552