The vulnerability of the app_minivm module in the MinivmNotify application of Asterisk and Certified Asterisk management systems allows a perpetrator to execute arbitrary commands.

Vulnerability in app_minivm of MinivmNotify allows command execution via externnotify input in Asterisk.

Reporter	Title	Published	Views	Family All 25
Tenable Nessus	Asterisk 11.x < 11.25.2 / 11.6 < 11.6-cert17 / 13.x < 13.17.1 / 14.x < 14.6.1 / 13.13 < 13.13-cert5 Multiple Vulnerabilities (AST-2017-005 - AST-2017-007)	5 Sep 201700:00	–	nessus
Tenable Nessus	Debian DLA-1122-1 : asterisk security update	6 Oct 201700:00	–	nessus
Tenable Nessus	Debian DSA-3964-1 : asterisk - security update	5 Sep 201700:00	–	nessus
Tenable Nessus	FreeBSD : asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm (c599f95c-8ee5-11e7-8be8-001999f8d30b)	5 Sep 201700:00	–	nessus
Tenable Nessus	GLSA-201710-29 : Asterisk: Multiple vulnerabilities	30 Oct 201700:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2017-14100	20 Aug 202500:00	–	nessus
FreeBSD	asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm	31 Aug 201700:00	–	freebsd
CNVD	Digium Asterisk Open Source and Certified Asterisk Arbitrary Command Execution Vulnerabilities	1 Sep 201700:00	–	cnvd
Check Point Advisories	Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)	8 Oct 201700:00	–	checkpoint_advisories
CVE	CVE-2017-14100	2 Sep 201716:00	–	cve

Vulners

Node

digium,asteriskRange11–11.25.2

digium,asteriskRange13–13.17.1

digium,asteriskRange14–14.6.1

digium,asteriskRange11–11.6-cert17

digium,asteriskRange13–13.13-cert5

Source	Link
downloads	www.downloads.asterisk.org/pub/security/AST-2017-006.html
securitytracker	www.securitytracker.com/id/1039252
bugs	www.bugs.debian.org/873908
issues	www.issues.asterisk.org/jira/browse/ASTERISK-27103
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 27.5

CVSS 39.8

EPSS0.33558