PT-2017-13194 · Digium · Asterisk Gui

Davy Douhine

Publicado

2017-09-26

Atualizado

2019-10-09

CVE-2017-14001

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Digium Asterisk GUI versions 2.1.0 and prior

Description An issue with improper neutralization of special elements used in an OS command was found, which may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

Recommendations For Digium Asterisk GUI versions 2.1.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2017-14001

Produtos afetados

Asterisk Gui

PT-2017-13194 · Digium · Asterisk Gui

CVE-2017-14001

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4