CVE-2014-8418
Published 2014-11-24
CVE-2014-8418: The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk…
Priority P345 · critical · 9 · CVSS 2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS: 3.57% (87.9th percentile)
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:13.1.0~dfsg-1 (bullseye) | asterisk 1:13.1.0~dfsg-1 (bullseye) |
| digium | asterisk | >= 0 < 1:13.1.0~dfsg-1 | 1:13.1.0~dfsg-1 |
| digium | asterisk | 1.8.0 – 1.8.32.0 | — |
| digium | asterisk | >= 11.0.0 < 11.14.1 | 11.14.1 |
| digium | asterisk | >= 12.0.0 < 12.7.1 | 12.7.1 |
| digium | certified_asterisk | — | — |
| digium | certified_asterisk | — | — |
| digium | certified_asterisk | — | — |
CVSS provenance
nvd · v2.0 · 9.0 · CRITICAL · AV:N/AC:L/Au:S/C:C/I:C/A:C
osv · 9.0 · CRITICAL
vendor_debian · 9.0 · CRITICAL
GHSA
GHSA-frq6-gwgr-x69w: The DB dialplan function in Asterisk Open Source 1
ghsa_unreviewed·2022-05-14
CVE-2014-8418 [HIGH] GHSA-frq6-gwgr-x69w: The DB dialplan function in Asterisk Open Source 1
OSV
CVE-2014-8418: The DB dialplan function in Asterisk Open Source 1
osv·2014-11-24·CVSS 9.0
CVE-2014-8418 [CRITICAL] CVE-2014-8418: The DB dialplan function in Asterisk Open Source 1
Debian
CVE-2014-8418: asterisk - The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x befor...
vendor_debian·2014·CVSS 9.0
CVE-2014-8418 [CRITICAL] CVE-2014-8418: asterisk - The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x befor...
Scope: local
bullseye: resolved (fixed in 1:13.1.0~dfsg-1)
sid: resolved (fixed in 1:13.1.0~dfsg-1)
No detection rules found.
No public exploits indexed.
Published: 2014-11-24