// For flags

CVE-2014-8414

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

ConfBridge en Asterisk 11.x anterior a 11.14.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 no maneja debida mente los cambios de estado, lo que permite a atacantes remotos causar una denegaciĆ³n de servicio (cuelgue de canal y consumo de memoria) al causar que transiciones se retrasen, lo que provoca un cambio de estado de estar colgado a estar esperado medios.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-22 CVE Reserved
  • 2014-11-24 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
<= 11.14.0
Search vendor "Digium" for product "Asterisk" and version " <= 11.14.0"
lts
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
11.6
Search vendor "Digium" for product "Certified Asterisk" and version "11.6"
cert1, lts
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
11.6
Search vendor "Digium" for product "Certified Asterisk" and version "11.6"
cert2, lts
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
11.6
Search vendor "Digium" for product "Certified Asterisk" and version "11.6"
cert3, lts
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
11.6
Search vendor "Digium" for product "Certified Asterisk" and version "11.6"
cert4, lts
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
11.6
Search vendor "Digium" for product "Certified Asterisk" and version "11.6"
cert5, lts
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
11.6
Search vendor "Digium" for product "Certified Asterisk" and version "11.6"
cert6, lts
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
11.6
Search vendor "Digium" for product "Certified Asterisk" and version "11.6"
cert7, lts
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
11.6.0
Search vendor "Digium" for product "Certified Asterisk" and version "11.6.0"
lts
Affected