PT-2014-8513 · Digium · Asterisk
Gareth Palmer
·
Published
2014-11-24
·
Updated
2019-07-16
·
CVE-2014-8417
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk versions 11.x through 11.14.0
Asterisk versions 12.x through 12.7.0
Asterisk versions 13.x through 13.0.0
Certified Asterisk versions 11.6 through 11.6-cert7
Description
The issue allows remote authenticated users to gain privileges or execute arbitrary system commands. This can be achieved via vectors related to an external protocol to the CONFBRIDGE dialplan function or through a crafted ConfbridgeStartRecord AMI action.
Recommendations
For Asterisk versions 11.x through 11.14.0, update to version 11.14.1 or later.
For Asterisk versions 12.x through 12.7.0, update to version 12.7.1 or later.
For Asterisk versions 13.x through 13.0.0, update to version 13.0.1 or later.
For Certified Asterisk versions 11.6 through 11.6-cert7, update to version 11.6-cert8 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk