Lucene search
HistoryAug 31, 2012 - 2:55 p.m.
CVE-2012-2186
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
7
Confidence
Low
EPSS
0.014
Percentile
86.8%
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
Affected configurations
Node
asteriskopen_sourceMatch1.8.0
ORasteriskopen_sourceMatch1.8.0beta1
ORasteriskopen_sourceMatch1.8.0beta2
ORasteriskopen_sourceMatch1.8.0beta3
ORasteriskopen_sourceMatch1.8.0beta4
ORasteriskopen_sourceMatch1.8.0beta5
ORasteriskopen_sourceMatch1.8.0rc1
ORasteriskopen_sourceMatch1.8.0rc2
ORasteriskopen_sourceMatch1.8.0rc3
ORasteriskopen_sourceMatch1.8.0rc4
ORasteriskopen_sourceMatch1.8.0rc5
ORasteriskopen_sourceMatch1.8.1
ORasteriskopen_sourceMatch1.8.1rc1
ORasteriskopen_sourceMatch1.8.1.1
ORasteriskopen_sourceMatch1.8.1.2
ORasteriskopen_sourceMatch1.8.2
ORasteriskopen_sourceMatch1.8.2rc1
ORasteriskopen_sourceMatch1.8.2.1
ORasteriskopen_sourceMatch1.8.2.2
ORasteriskopen_sourceMatch1.8.2.3
ORasteriskopen_sourceMatch1.8.2.4
ORasteriskopen_sourceMatch1.8.3
ORasteriskopen_sourceMatch1.8.3rc1
ORasteriskopen_sourceMatch1.8.3rc2
ORasteriskopen_sourceMatch1.8.3rc3
ORasteriskopen_sourceMatch1.8.3.1
ORasteriskopen_sourceMatch1.8.3.2
ORasteriskopen_sourceMatch1.8.3.3
ORasteriskopen_sourceMatch1.8.4
ORasteriskopen_sourceMatch1.8.4rc1
ORasteriskopen_sourceMatch1.8.4rc2
ORasteriskopen_sourceMatch1.8.4rc3
ORasteriskopen_sourceMatch1.8.4.1
ORasteriskopen_sourceMatch1.8.4.2
ORasteriskopen_sourceMatch1.8.4.3
ORasteriskopen_sourceMatch1.8.4.4
ORasteriskopen_sourceMatch1.8.5rc1
ORasteriskopen_sourceMatch1.8.5.0
ORasteriskopen_sourceMatch1.8.6.0
ORasteriskopen_sourceMatch1.8.6.0rc1
ORasteriskopen_sourceMatch1.8.6.0rc2
ORasteriskopen_sourceMatch1.8.6.0rc3
ORasteriskopen_sourceMatch1.8.7
ORasteriskopen_sourceMatch1.8.7.0
ORasteriskopen_sourceMatch1.8.7.0rc1
ORasteriskopen_sourceMatch1.8.7.0rc2
ORasteriskopen_sourceMatch1.8.7.1
ORasteriskopen_sourceMatch1.8.7.2
ORasteriskopen_sourceMatch1.8.8.0
ORasteriskopen_sourceMatch1.8.8.0rc1
ORasteriskopen_sourceMatch1.8.8.0rc2
ORasteriskopen_sourceMatch1.8.8.0rc3
ORasteriskopen_sourceMatch1.8.8.0rc4
ORasteriskopen_sourceMatch1.8.8.0rc5
ORasteriskopen_sourceMatch1.8.8.1
ORasteriskopen_sourceMatch1.8.8.2
ORasteriskopen_sourceMatch1.8.9.0
ORasteriskopen_sourceMatch1.8.9.0rc1
ORasteriskopen_sourceMatch1.8.9.0rc2
ORasteriskopen_sourceMatch1.8.9.0rc3
ORasteriskopen_sourceMatch1.8.9.1
ORasteriskopen_sourceMatch1.8.9.2
ORasteriskopen_sourceMatch1.8.9.3
ORasteriskopen_sourceMatch1.8.10.0
ORasteriskopen_sourceMatch1.8.10.0rc1
ORasteriskopen_sourceMatch1.8.10.0rc2
ORasteriskopen_sourceMatch1.8.10.0rc3
ORasteriskopen_sourceMatch1.8.10.0rc4
ORasteriskopen_sourceMatch1.8.10.1
ORasteriskopen_sourceMatch1.8.11.0
ORasteriskopen_sourceMatch1.8.11.0rc2
ORasteriskopen_sourceMatch1.8.11.0rc3
ORasteriskopen_sourceMatch1.8.11.1
ORasteriskopen_sourceMatch1.8.12
ORasteriskopen_sourceMatch1.8.12.0
ORasteriskopen_sourceMatch1.8.12.0rc1
ORasteriskopen_sourceMatch1.8.12.0rc2
ORasteriskopen_sourceMatch1.8.12.0rc3
ORsangomaasteriskRange≤1.8.15.0
Node
asteriskopen_sourceMatch10.0.0
ORasteriskopen_sourceMatch10.0.0beta1
ORasteriskopen_sourceMatch10.0.0beta2
ORasteriskopen_sourceMatch10.0.0rc1
ORasteriskopen_sourceMatch10.0.0rc2
ORasteriskopen_sourceMatch10.0.0rc3
ORasteriskopen_sourceMatch10.0.1
ORasteriskopen_sourceMatch10.1.0
ORasteriskopen_sourceMatch10.1.0rc1
ORasteriskopen_sourceMatch10.1.0rc2
ORasteriskopen_sourceMatch10.1.1
ORasteriskopen_sourceMatch10.1.2
ORasteriskopen_sourceMatch10.1.3
ORasteriskopen_sourceMatch10.2.0
ORasteriskopen_sourceMatch10.2.0rc1
ORasteriskopen_sourceMatch10.2.0rc2
ORasteriskopen_sourceMatch10.2.0rc3
ORasteriskopen_sourceMatch10.2.0rc4
ORasteriskopen_sourceMatch10.2.1
ORasteriskopen_sourceMatch10.3
ORasteriskopen_sourceMatch10.3.0
ORasteriskopen_sourceMatch10.3.0rc2
ORasteriskopen_sourceMatch10.3.0rc3
ORasteriskopen_sourceMatch10.3.1
ORasteriskopen_sourceMatch10.4.0
ORasteriskopen_sourceMatch10.4.0rc1
ORasteriskopen_sourceMatch10.4.0rc2
ORasteriskopen_sourceMatch10.4.0rc3
ORsangomaasteriskRange≤10.7.0
Node
asteriskcertified_asteriskRange≤1.8.11cert5
ORasteriskcertified_asteriskMatch1.8.11cert
ORasteriskcertified_asteriskMatch1.8.11cert1
ORasteriskcertified_asteriskMatch1.8.11cert2
ORasteriskcertified_asteriskMatch1.8.11cert3
ORasteriskcertified_asteriskMatch1.8.11cert4
Node
asteriskdigiumphonesRange≤10.7.0
Node
asteriskbusiness_editionRange≤c.3.7.5
ORasteriskbusiness_editionMatchc.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:* |
| asterisk | open_source | 1.8.0 | cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:* |
Related
openvas
openvas
Fedora Update for asterisk FEDORA-2012-13437
2012-09-22 00:00:00
Fedora Update for asterisk FEDORA-2012-13437
2012-09-22 00:00:00
Fedora Update for asterisk FEDORA-2012-13338
2012-09-22 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: asterisk-10.7.1-2.fc18
2012-09-17 23:51:34
[SECURITY] Fedora 17 Update: asterisk-10.7.1-2.fc17
2012-09-17 17:55:41
[SECURITY] Fedora 16 Update: asterisk-1.8.15.1-1.fc16
2012-09-17 17:46:45
ubuntucve
ubuntucve
CVE-2012-2186
2012-08-31 00:00:00
nessus
nessus
Fedora 17 : asterisk-10.7.1-2.fc17 (2012-13338)
2012-09-18 00:00:00
Fedora 16 : asterisk-1.8.15.1-1.fc16 (2012-13437)
2012-09-18 00:00:00
Fedora 18 : asterisk-10.7.1-2.fc18 (2012-13286)
2012-09-18 00:00:00
debiancve
debiancve
CVE-2012-2186
2012-08-31 14:55:00
securityvulns
securityvulns
AST-2012-012: Asterisk Manager User Unauthorized Shell Access
2012-09-02 00:00:00
Asterisk security vulnerabilities
2012-09-02 00:00:00
prion
prion
Design/Logic Flaw
2012-08-31 14:55:00
cvelist
cvelist
CVE-2012-2186
2012-08-31 14:00:00
cve
cve
CVE-2012-2186
2012-08-31 14:55:00
freebsd
freebsd
asterisk -- multiple vulnerabilities
2012-08-30 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2012-09-26 00:00:00
debian
debian
[SECURITY] [DSA 2550-2] asterisk regression update
2012-09-26 16:05:00
[SECURITY] [DSA 2550-1] asterisk security update
2012-09-18 17:18:45
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
7
Confidence
Low
EPSS
0.014
Percentile
86.8%
Related for NVD:CVE-2012-2186