Lucene search
HistoryNov 26, 2014 - 3:59 p.m.
CVE-2014-6610
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
6.1
Confidence
High
EPSS
0.002
Percentile
59.5%
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
Affected configurations
Node
digiumcertified_asteriskMatch11.6cert1lts
ORdigiumcertified_asteriskMatch11.6cert2lts
ORdigiumcertified_asteriskMatch11.6cert3lts
ORdigiumcertified_asteriskMatch11.6cert4lts
ORdigiumcertified_asteriskMatch11.6cert5lts
ORdigiumcertified_asteriskMatch11.6.0lts
Node
digiumasteriskMatch11.0.0
ORdigiumasteriskMatch11.0.0beta1
ORdigiumasteriskMatch11.0.0beta2
ORdigiumasteriskMatch11.0.0rc1
ORdigiumasteriskMatch11.0.0rc2
ORdigiumasteriskMatch11.1.0
ORdigiumasteriskMatch11.1.0rc1
ORdigiumasteriskMatch11.1.0rc2
ORdigiumasteriskMatch11.1.0rc3
ORdigiumasteriskMatch11.2.0
ORdigiumasteriskMatch11.2.0rc1
ORdigiumasteriskMatch11.2.0rc2
ORdigiumasteriskMatch11.3.0rc1
ORdigiumasteriskMatch11.3.0rc2
ORdigiumasteriskMatch11.4.0
ORdigiumasteriskMatch11.4.0rc1
ORdigiumasteriskMatch11.4.0rc2
ORdigiumasteriskMatch11.4.0rc3
ORdigiumasteriskMatch11.4.0rc4
ORdigiumasteriskMatch11.5.0
ORdigiumasteriskMatch11.5.0rc1
ORdigiumasteriskMatch11.5.0rc2
ORdigiumasteriskMatch11.6.0
ORdigiumasteriskMatch11.6.0rc1
ORdigiumasteriskMatch11.6.0rc2
ORdigiumasteriskMatch11.7.0
ORdigiumasteriskMatch11.7.0rc1
ORdigiumasteriskMatch11.7.0rc2
ORdigiumasteriskMatch11.8.0
ORdigiumasteriskMatch11.8.0rc1
ORdigiumasteriskMatch11.8.0rc2
ORdigiumasteriskMatch11.8.0rc3
ORdigiumasteriskMatch11.9.0
ORdigiumasteriskMatch11.9.0rc1
ORdigiumasteriskMatch11.9.0rc2
ORdigiumasteriskMatch11.9.0rc3
ORdigiumasteriskMatch11.10.0
ORdigiumasteriskMatch11.10.0rc1
ORdigiumasteriskMatch11.11.0
ORdigiumasteriskMatch11.11.0rc1
ORdigiumasteriskMatch11.12.0
ORdigiumasteriskMatch12.0.0
ORdigiumasteriskMatch12.1.0
ORdigiumasteriskMatch12.1.0rc1
ORdigiumasteriskMatch12.1.0rc2
ORdigiumasteriskMatch12.1.0rc3
ORdigiumasteriskMatch12.2.0
ORdigiumasteriskMatch12.2.0rc1
ORdigiumasteriskMatch12.2.0rc2
ORdigiumasteriskMatch12.2.0rc3
ORdigiumasteriskMatch12.3.0
ORdigiumasteriskMatch12.3.0rc1
ORdigiumasteriskMatch12.3.0rc2
ORdigiumasteriskMatch12.4.0
ORdigiumasteriskMatch12.4.0rc1
ORdigiumasteriskMatch12.5.0
ORdigiumasteriskMatch12.5.0rc1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| digium | certified_asterisk | 11.6 | cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:* |
| digium | certified_asterisk | 11.6 | cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:* |
| digium | certified_asterisk | 11.6 | cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:* |
| digium | certified_asterisk | 11.6 | cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:* |
| digium | certified_asterisk | 11.6 | cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:* |
| digium | certified_asterisk | 11.6.0 | cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:* |
| digium | asterisk | 11.0.0 | cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:* |
| digium | asterisk | 11.0.0 | cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:* |
| digium | asterisk | 11.0.0 | cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:* |
| digium | asterisk | 11.0.0 | cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:* |
Related
nessus
nessus
Asterisk ReceiveFax Dialplan Application Remote DoS (AST-2014-010)
2014-09-25 00:00:00
Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)
2014-11-24 00:00:00
GLSA-201411-10 : Asterisk: Multiple Vulnerabilities (POODLE)
2014-11-24 00:00:00
prion
prion
Code injection
2014-11-26 15:59:00
cvelist
cvelist
CVE-2014-6610
2014-11-26 15:00:00
cve
cve
CVE-2014-6610
2014-11-26 15:59:02
debiancve
debiancve
CVE-2014-6610
2014-11-26 15:59:02
ubuntucve
ubuntucve
CVE-2014-6610
2014-11-26 00:00:00
gentoo
gentoo
Asterisk: Multiple Vulnerabilities
2014-11-23 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0490)
2022-01-28 00:00:00
Gentoo Security Advisory GLSA 201411-10
2015-09-29 00:00:00
Debian: Security Advisory (DLA-455-1)
2023-03-08 00:00:00
mageia
mageia
Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE
2014-11-26 20:29:06
osv
osv
asterisk - security update
2016-05-03 00:00:00
debian
debian
[SECURITY] [DLA 455-1] asterisk security update
2016-05-03 20:31:18
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
6.1
Confidence
High
EPSS
0.002
Percentile
59.5%
Related for NVD:CVE-2014-6610