CVE-2014-8417
Published 2014-11-24
Priority: P3 · 40 · medium · 6.5 CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 2.36% (81.6th percentile)
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:13.1.0~dfsg-1 (bullseye) | asterisk 1:13.1.0~dfsg-1 (bullseye) |
| digium | asterisk | >= 0 < 1:13.1.0~dfsg-1 | 1:13.1.0~dfsg-1 |
| digium | asterisk | >= 11.0.0 < 11.14.1 | 11.14.1 |
| digium | asterisk | >= 12.0.0 < 12.7.1 | 12.7.1 |
| digium | asterisk | >= 13.0.0 < 13.0.1 | 13.0.1 |
| digium | certified_asterisk | — | — |
| digium | certified_asterisk | — | — |
CVSS provenance
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
osv · 6.5 MEDIUM
vendor_debian · 6.5 MEDIUM
Debian
CVE-2014-8417: asterisk - ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before ...
vendor_debian·2014·CVSS 6.5
Scope: local
bullseye: resolved (fixed in 1:13.1.0~dfsg-1)
sid: resolved (fixed in 1:13.1.0~dfsg-1)
GHSA
GHSA-44x6-ph3p-558g: ConfBridge in Asterisk 11
ghsa_unreviewed·2022-05-14
CVE-2014-8417 [MEDIUM] GHSA-44x6-ph3p-558g: ConfBridge in Asterisk 11
OSV
CVE-2014-8417: ConfBridge in Asterisk 11
osv·2014-11-24·CVSS 6.5
No detection rules found.
No public exploits indexed.