CVE-2014-8417
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
ConfBridge en Asterisk 11.x anterior a 11.14.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 permite a usuarios remotos autenticados (1) ganar privilegios a través de vectores relacionados con un protocolo externo en la función CONFBRIDGE dialplan o (2) ejecutar comandos del sistema arbitrarios a través de una acción ConfbridgeStartRecord AMI manipulada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-22 CVE Reserved
- 2014-11-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://downloads.asterisk.org/pub/security/AST-2014-017.html | 2019-07-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 11.0.0 < 11.14.1 Search vendor "Digium" for product "Asterisk" and version " >= 11.0.0 < 11.14.1" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 12.0.0 < 12.7.1 Search vendor "Digium" for product "Asterisk" and version " >= 12.0.0 < 12.7.1" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 13.0.0 < 13.0.1 Search vendor "Digium" for product "Asterisk" and version " >= 13.0.0 < 13.0.1" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 11.6 Search vendor "Digium" for product "Certified Asterisk" and version "11.6" | cert1 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 11.6 Search vendor "Digium" for product "Certified Asterisk" and version "11.6" | cert2 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 11.6 Search vendor "Digium" for product "Certified Asterisk" and version "11.6" | cert3 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 11.6 Search vendor "Digium" for product "Certified Asterisk" and version "11.6" | cert4 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 11.6 Search vendor "Digium" for product "Certified Asterisk" and version "11.6" | cert5 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 11.6 Search vendor "Digium" for product "Certified Asterisk" and version "11.6" | cert6 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 11.6 Search vendor "Digium" for product "Certified Asterisk" and version "11.6" | cert7 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 11.6.0 Search vendor "Digium" for product "Certified Asterisk" and version "11.6.0" | - |
Affected
|