Code injection

2014-11-2615:59:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.

CPENameOperatorVersion
asteriskeq12.0.0
asteriskeq11.3.0 rc1
asteriskeq11.2.0 rc2
asteriskeq11.0.0 rc2
asteriskeq11.4.0 rc3
asteriskeq12.3.0 rc2
asteriskeq11.2.0
asteriskeq11.5.0 rc2
asteriskeq11.4.0 rc1
asteriskeq11.11.0

Name	Operator	Version
asterisk	eq	12.0.0
asterisk	eq	11.3.0 rc1
asterisk	eq	11.2.0 rc2
asterisk	eq	11.0.0 rc2
asterisk	eq	11.4.0 rc3
asterisk	eq	12.3.0 rc2
asterisk	eq	11.2.0
asterisk	eq	11.5.0 rc2
asterisk	eq	11.4.0 rc1
asterisk	eq	11.11.0