CVE-2014-8417Asterisk vulnerability

CWE-2645 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.9%
top 24.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Digium AsteriskDebian AsteriskDigium Certified Asterisk
Timeline
PublishedNov 24
Latest updateMay 14

Description

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages4 packages

NVDdigium/certified_asterisk11.6, 11.6.0+1
NVDdigium/asterisk11.0.011.14.1+2
debiandebian/asterisk< asterisk 1:13.1.0~dfsg-1 (bullseye)
Debiandigium/asterisk< 1:13.1.0~dfsg-1

🔴Vulnerability Details

2
GHSA
GHSA-44x6-ph3p-558g: ConfBridge in Asterisk 112022-05-14
OSV
CVE-2014-8417: ConfBridge in Asterisk 112014-11-24

📋Vendor Advisories

1
Debian
CVE-2014-8417: asterisk - ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before ...2014

💬Community

1
Bugzilla
CVE-2014-8417 asterisk: Permission escalation through ConfBridge actions/dialplan functions [AST-2014-017]2014-11-21
CVE-2014-8417 — Digium Asterisk vulnerability | cvebase