PT-2017-13194 · Digium · Asterisk Gui

Davy Douhine

Published

2017-09-26

Updated

2019-10-09

CVE-2017-14001

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Digium Asterisk GUI versions 2.1.0 and prior

Description An issue with improper neutralization of special elements used in an OS command was found, which may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

Recommendations For Digium Asterisk GUI versions 2.1.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2017-14001

Affected Products

Asterisk Gui

PT-2017-13194 · Digium · Asterisk Gui

CVE-2017-14001

Weakness Enumeration

Related Identifiers

Affected Products

References · 4