CVE-2014-8413 — Asterisk vulnerability

CWE-2645 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 44.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedNov 24

Latest updateMay 14

Description

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDdigium/asterisk12.0.0 — 12.7.1+1

▶debiandebian/asterisk< asterisk 1:13.1.0~dfsg-1 (bullseye)

▶Debiandigium/asterisk< 1:13.1.0~dfsg-1

🔴Vulnerability Details

GHSA

GHSA-ggm4-h95w-6cxw: The res_pjsip_acl module in Asterisk Open Source 12↗2022-05-14

▶

OSV

CVE-2014-8413: The res_pjsip_acl module in Asterisk Open Source 12↗2014-11-24

▶

📋Vendor Advisories

Debian

CVE-2014-8413: asterisk - The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x bef...↗2014

▶

💬Community

Bugzilla

CVE-2014-8413 asterisk: security bypass in res_pjsip_acl↗2019-08-13

▶