Lucene search

K
cveMitreCVE-2010-0685
HistoryFeb 23, 2010 - 8:30 p.m.

CVE-2010-0685

2010-02-2320:30:00
mitre
web.nvd.nist.gov
49
cve-2010-0685
asterisk
open source
vulnerability
dialplan
sip invite
metacharacters

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.009

Percentile

83.2%

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.

Affected configurations

Nvd
Node
digiumasteriskMatch1.2.0
OR
digiumasteriskMatch1.2.0beta1
OR
digiumasteriskMatch1.2.0beta2
OR
digiumasteriskMatch1.2.0rc1
OR
digiumasteriskMatch1.2.0rc2
OR
digiumasteriskMatch1.2.1
OR
digiumasteriskMatch1.2.2
OR
digiumasteriskMatch1.2.2netsec
OR
digiumasteriskMatch1.2.3
OR
digiumasteriskMatch1.2.3netsec
OR
digiumasteriskMatch1.2.6
OR
digiumasteriskMatch1.2.7
OR
digiumasteriskMatch1.2.8
OR
digiumasteriskMatch1.2.9
OR
digiumasteriskMatch1.2.10
OR
digiumasteriskMatch1.2.10netsec
OR
digiumasteriskMatch1.2.11
OR
digiumasteriskMatch1.2.11netsec
OR
digiumasteriskMatch1.2.12
OR
digiumasteriskMatch1.2.12netsec
OR
digiumasteriskMatch1.2.12.1
OR
digiumasteriskMatch1.2.12.1netsec
OR
digiumasteriskMatch1.2.13
OR
digiumasteriskMatch1.2.13netsec
OR
digiumasteriskMatch1.2.14
OR
digiumasteriskMatch1.2.15
OR
digiumasteriskMatch1.2.15netsec
OR
digiumasteriskMatch1.2.16
OR
digiumasteriskMatch1.2.16netsec
OR
digiumasteriskMatch1.2.17
OR
digiumasteriskMatch1.2.17netsec
OR
digiumasteriskMatch1.2.18
OR
digiumasteriskMatch1.2.18netsec
OR
digiumasteriskMatch1.2.19
OR
digiumasteriskMatch1.2.19netsec
OR
digiumasteriskMatch1.2.20
OR
digiumasteriskMatch1.2.20netsec
OR
digiumasteriskMatch1.2.21
OR
digiumasteriskMatch1.2.21netsec
OR
digiumasteriskMatch1.2.21.1
OR
digiumasteriskMatch1.2.21.1netsec
OR
digiumasteriskMatch1.2.22
OR
digiumasteriskMatch1.2.22netsec
OR
digiumasteriskMatch1.2.23
OR
digiumasteriskMatch1.2.23netsec
OR
digiumasteriskMatch1.2.24
OR
digiumasteriskMatch1.2.24netsec
OR
digiumasteriskMatch1.2.25
OR
digiumasteriskMatch1.2.25netsec
OR
digiumasteriskMatch1.2.26
OR
digiumasteriskMatch1.2.26netsec
OR
digiumasteriskMatch1.2.26.1
OR
digiumasteriskMatch1.2.26.1netsec
OR
digiumasteriskMatch1.2.26.2
OR
digiumasteriskMatch1.2.26.2netsec
OR
digiumasteriskMatch1.2.27
OR
digiumasteriskMatch1.2.28
OR
digiumasteriskMatch1.2.28.1
OR
digiumasteriskMatch1.2.29
OR
digiumasteriskMatch1.2.30
OR
digiumasteriskMatch1.2.30.1
OR
digiumasteriskMatch1.2.30.2
OR
digiumasteriskMatch1.2.30.3
OR
digiumasteriskMatch1.2.30.4
OR
digiumasteriskMatch1.2.31
OR
digiumasteriskMatch1.2.31.1
OR
digiumasteriskMatch1.2.32
OR
digiumasteriskMatch1.2.33
OR
digiumasteriskMatch1.2.34
OR
digiumasteriskMatch1.2.35
OR
digiumasteriskMatch1.2.36
OR
digiumasteriskMatch1.4.0
OR
digiumasteriskMatch1.4.1
OR
digiumasteriskMatch1.4.2
OR
digiumasteriskMatch1.4.3
OR
digiumasteriskMatch1.4.4
OR
digiumasteriskMatch1.4.5
OR
digiumasteriskMatch1.4.6
OR
digiumasteriskMatch1.4.7
OR
digiumasteriskMatch1.4.8
OR
digiumasteriskMatch1.4.9
OR
digiumasteriskMatch1.4.10
OR
digiumasteriskMatch1.4.11
OR
digiumasteriskMatch1.4.12
OR
digiumasteriskMatch1.4.13
OR
digiumasteriskMatch1.4.14
OR
digiumasteriskMatch1.4.15
OR
digiumasteriskMatch1.4.16
OR
digiumasteriskMatch1.4.17
OR
digiumasteriskMatch1.4.18
OR
digiumasteriskMatch1.4.19
OR
digiumasteriskMatch1.4.20
OR
digiumasteriskMatch1.4.21
OR
digiumasteriskMatch1.4.22
OR
digiumasteriskMatch1.4.23
OR
digiumasteriskMatch1.4.24
OR
digiumasteriskMatch1.4.25
OR
digiumasteriskMatch1.4.26
OR
digiumasteriskMatch1.4.27
OR
digiumasteriskMatch1.6.0
OR
digiumasteriskMatch1.6.1
OR
digiumasteriskMatch1.6.1.0
OR
digiumasteriskMatch1.6.2.0
Node
digiumasteriskMatchb.1.3.2-business
OR
digiumasteriskMatchb.1.3.3-business
OR
digiumasteriskMatchb.2.2.0-business
OR
digiumasteriskMatchb.2.2.1-business
OR
digiumasteriskMatchb.2.3.1-business
OR
digiumasteriskMatchb.2.3.2-business
OR
digiumasteriskMatchb.2.3.3-business
OR
digiumasteriskMatchb.2.3.4-business
OR
digiumasteriskMatchb.2.3.5-business
OR
digiumasteriskMatchb.2.3.6-business
OR
digiumasteriskMatchb.2.5.0-business
OR
digiumasteriskMatchb.2.5.1-business
OR
digiumasteriskMatchb.2.5.2-business
OR
digiumasteriskMatchb.2.5.3-business
OR
digiumasteriskMatchc.1.0beta7business
OR
digiumasteriskMatchc.1.0beta8business
OR
digiumasteriskMatchc.1.6-business
OR
digiumasteriskMatchc.1.6.1-business
OR
digiumasteriskMatchc.1.6.2-business
OR
digiumasteriskMatchc.1.8.0-business
OR
digiumasteriskMatchc.1.8.1-business
OR
digiumasteriskMatchc.2.3-business
OR
digiumasteriskMatchc.3.0-business
VendorProductVersionCPE
digiumasterisk1.2.0cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*
digiumasterisk1.2.0cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*
digiumasterisk1.2.0cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*
digiumasterisk1.2.0cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*
digiumasterisk1.2.0cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*
digiumasterisk1.2.1cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*
digiumasterisk1.2.2cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*
digiumasterisk1.2.2cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*
digiumasterisk1.2.3cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*
digiumasterisk1.2.3cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*
Rows per page:
1-10 of 1261

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.009

Percentile

83.2%