Lucene search

[email protected]NVD:CVE-2012-4737

HistoryAug 31, 2012 - 2:55 p.m.

CVE-2012-4737

2012-08-3114:55:01

CWE-264

[email protected]

web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

Affected configurations

NVD

Node

digiumasteriskMatch1.8.0

digiumasteriskMatch1.8.0beta1

digiumasteriskMatch1.8.0beta2

digiumasteriskMatch1.8.0beta3

digiumasteriskMatch1.8.0beta4

digiumasteriskMatch1.8.0beta5

digiumasteriskMatch1.8.0rc2

digiumasteriskMatch1.8.0rc3

digiumasteriskMatch1.8.0rc4

digiumasteriskMatch1.8.0rc5

digiumasteriskMatch1.8.1

digiumasteriskMatch1.8.1rc1

digiumasteriskMatch1.8.1.1

digiumasteriskMatch1.8.1.2

digiumasteriskMatch1.8.2

digiumasteriskMatch1.8.2.1

digiumasteriskMatch1.8.2.2

digiumasteriskMatch1.8.2.3

digiumasteriskMatch1.8.2.4

digiumasteriskMatch1.8.3

digiumasteriskMatch1.8.3rc1

digiumasteriskMatch1.8.3rc2

digiumasteriskMatch1.8.3rc3

digiumasteriskMatch1.8.3.1

digiumasteriskMatch1.8.3.2

digiumasteriskMatch1.8.3.3

digiumasteriskMatch1.8.4

digiumasteriskMatch1.8.4rc1

digiumasteriskMatch1.8.4rc2

digiumasteriskMatch1.8.4rc3

digiumasteriskMatch1.8.4.1

digiumasteriskMatch1.8.4.2

digiumasteriskMatch1.8.4.3

digiumasteriskMatch1.8.4.4

digiumasteriskMatch1.8.5

digiumasteriskMatch1.8.5rc1

digiumasteriskMatch1.8.5.0

digiumasteriskMatch1.8.6.0

digiumasteriskMatch1.8.6.0rc1

digiumasteriskMatch1.8.6.0rc2

digiumasteriskMatch1.8.6.0rc3

digiumasteriskMatch1.8.7.0

digiumasteriskMatch1.8.7.0rc1

digiumasteriskMatch1.8.7.0rc2

digiumasteriskMatch1.8.7.1

digiumasteriskMatch1.8.8.0

digiumasteriskMatch1.8.8.0rc1

digiumasteriskMatch1.8.8.0rc2

digiumasteriskMatch1.8.8.0rc3

digiumasteriskMatch1.8.8.0rc4

digiumasteriskMatch1.8.8.0rc5

digiumasteriskMatch1.8.8.1

digiumasteriskMatch1.8.8.2

digiumasteriskMatch1.8.9.0

digiumasteriskMatch1.8.9.0rc1

digiumasteriskMatch1.8.9.0rc2

digiumasteriskMatch1.8.9.0rc3

digiumasteriskMatch1.8.9.1

digiumasteriskMatch1.8.9.2

digiumasteriskMatch1.8.9.3

digiumasteriskMatch1.8.10.0

digiumasteriskMatch1.8.10.0rc1

digiumasteriskMatch1.8.10.0rc2

digiumasteriskMatch1.8.10.0rc3

digiumasteriskMatch1.8.10.0rc4

digiumasteriskMatch1.8.10.1

digiumasteriskMatch1.8.11.0

digiumasteriskMatch1.8.11.0rc2

digiumasteriskMatch1.8.11.0rc3

digiumasteriskMatch1.8.11.1

digiumasteriskMatch1.8.12

digiumasteriskMatch1.8.12.0

digiumasteriskMatch1.8.12.0rc1

digiumasteriskMatch1.8.12.0rc2

digiumasteriskMatch1.8.12.0rc3

digiumasteriskMatch1.8.13.0

digiumasteriskMatch1.8.13.0rc1

digiumasteriskMatch1.8.13.0rc2

digiumasteriskMatch1.8.13.1

digiumasteriskMatch1.8.14.0rc1

digiumasteriskMatch1.8.14.0rc2

digiumasteriskMatch1.8.14.1

digiumasteriskMatch1.8.15.0

digiumasteriskMatch1.8.15.0rc1

Node

digiumasteriskMatch10.0.0

digiumasteriskMatch10.0.0beta1

digiumasteriskMatch10.0.0beta2

digiumasteriskMatch10.0.0rc1

digiumasteriskMatch10.0.0rc2

digiumasteriskMatch10.0.0rc3

digiumasteriskMatch10.0.1

digiumasteriskMatch10.1.0

digiumasteriskMatch10.1.0rc1

digiumasteriskMatch10.1.0rc2

digiumasteriskMatch10.1.1

digiumasteriskMatch10.1.2

digiumasteriskMatch10.1.3

digiumasteriskMatch10.2.0

digiumasteriskMatch10.2.0rc1

digiumasteriskMatch10.2.0rc2

digiumasteriskMatch10.2.0rc3

digiumasteriskMatch10.2.0rc4

digiumasteriskMatch10.2.1

digiumasteriskMatch10.3.0

digiumasteriskMatch10.3.0rc2

digiumasteriskMatch10.3.0rc3

digiumasteriskMatch10.3.1

digiumasteriskMatch10.4.0

digiumasteriskMatch10.4.0rc1

digiumasteriskMatch10.4.0rc2

digiumasteriskMatch10.4.0rc3

digiumasteriskMatch10.4.1

digiumasteriskMatch10.4.2

digiumasteriskMatch10.5.0

digiumasteriskMatch10.5.0rc1

digiumasteriskMatch10.5.0rc2

digiumasteriskMatch10.5.1

digiumasteriskMatch10.6.0

digiumasteriskMatch10.6.0rc1

digiumasteriskMatch10.6.0rc2

digiumasteriskMatch10.6.1

digiumasteriskMatch10.7.0

digiumasteriskMatch10.7.0rc1

Node

digiumcertified_asteriskMatch1.8.11cert

digiumcertified_asteriskMatch1.8.11cert1

digiumcertified_asteriskMatch1.8.11cert2

digiumcertified_asteriskMatch1.8.11cert3

digiumcertified_asteriskMatch1.8.11cert4

digiumcertified_asteriskMatch1.8.11cert5

digiumcertified_asteriskMatch1.8.11cert6

Node

digiumasteriskMatch10.5.2digiumphones

digiumasteriskMatch10.6.0digiumphones

digiumasteriskMatch10.6.1digiumphones

digiumasteriskMatch10.7.0digiumphones

Node

digiumasteriskMatchc.3.0-business

digiumasteriskMatchc.3.1.0-business

digiumasteriskMatchc.3.1.1-business

digiumasteriskMatchc.3.2.2-business

digiumasteriskMatchc.3.2.3-business

digiumasteriskMatchc.3.3.2-business

digiumasteriskMatchc.3.6.2-business

digiumasteriskMatchc.3.6.3-business

digiumasteriskMatchc.3.6.4-business

digiumasteriskMatchc.3.7.5-business

References

downloads.asterisk.org/pub/security/AST-2012-013.html

secunia.com/advisories/50687

secunia.com/advisories/50756

www.debian.org/security/2012/dsa-2550

www.securityfocus.com/bid/55335

www.securitytracker.com/id?1027461

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Related for NVD:CVE-2012-4737

cve1 prion1 ubuntucve1 securityvulns2 nessus4 debiancve1 cvelist1 freebsd1 openvas8 gentoo1 debian2