CVE-2014-8417

2014-11-2415:59:09

CWE-264

mitre

web.nvd.nist.gov

asterisk

confbridge

cve-2014-8417

privilege escalation

arbitrary command execution

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.003

Percentile

66.4%

JSON

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.

Affected configurations

Nvd

Node

digiumasteriskRange11.0.0–11.14.1

digiumasteriskRange12.0.0–12.7.1

digiumasteriskRange13.0.0–13.0.1

Node

digiumcertified_asteriskMatch11.6cert1

digiumcertified_asteriskMatch11.6cert2

digiumcertified_asteriskMatch11.6cert3

digiumcertified_asteriskMatch11.6cert4

digiumcertified_asteriskMatch11.6cert5

digiumcertified_asteriskMatch11.6cert6

digiumcertified_asteriskMatch11.6cert7

digiumcertified_asteriskMatch11.6.0-

VendorProductVersionCPE
digiumasterisk*cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
digiumcertified_asterisk11.6cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*
digiumcertified_asterisk11.6cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*
digiumcertified_asterisk11.6cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*
digiumcertified_asterisk11.6cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*
digiumcertified_asterisk11.6cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*
digiumcertified_asterisk11.6cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*
digiumcertified_asterisk11.6cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*
digiumcertified_asterisk11.6.0cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
digium	asterisk	*	cpe:2.3:a:digium:asterisk::::::::
digium	certified_asterisk	11.6	cpe:2.3:a:digium:certified_asterisk:11.6:cert1::::::
digium	certified_asterisk	11.6	cpe:2.3:a:digium:certified_asterisk:11.6:cert2::::::
digium	certified_asterisk	11.6	cpe:2.3:a:digium:certified_asterisk:11.6:cert3::::::
digium	certified_asterisk	11.6	cpe:2.3:a:digium:certified_asterisk:11.6:cert4::::::
digium	certified_asterisk	11.6	cpe:2.3:a:digium:certified_asterisk:11.6:cert5::::::
digium	certified_asterisk	11.6	cpe:2.3:a:digium:certified_asterisk:11.6:cert6::::::
digium	certified_asterisk	11.6	cpe:2.3:a:digium:certified_asterisk:11.6:cert7::::::
digium	certified_asterisk	11.6.0	cpe:2.3:a:digium:certified_asterisk:11.6.0:-::::::