Design/Logic Flaw

2012-08-3114:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

CPENameOperatorVersion
asteriskeq1.8.3 rc3
asteriskeq1.8.8.0 rc5
asteriskeq1.8.11.0
asteriskeq1.8.3
asteriskeq1.8.2.4
asteriskeq1.8.0 beta2
asteriskeq1.8.6.0 rc3
asteriskeq1.8.3 rc1
asteriskeq1.8.1
asteriskeq1.8.1.2

Name	Operator	Version
asterisk	eq	1.8.3 rc3
asterisk	eq	1.8.8.0 rc5
asterisk	eq	1.8.11.0
asterisk	eq	1.8.3
asterisk	eq	1.8.2.4
asterisk	eq	1.8.0 beta2
asterisk	eq	1.8.6.0 rc3
asterisk	eq	1.8.3 rc1
asterisk	eq	1.8.1
asterisk	eq	1.8.1.2