CVE-2014-8412
CVE-2014-8412 is a vulnerability of currently unknown severity. The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allow remote attackers to bypass ACL restrictions via a packet whose source IP is not in the same address family as the first ACL entry. EPSS estimates a 2.73% chance of exploitation in the next 30 days.
Description
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allow remote attackers to bypass ACL restrictions via a packet whose source IP is not in the same address family as the first ACL entry.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Digium | Certified Asterisk | 1.8.28 | Cert1 |
| Digium | Certified Asterisk | 1.8.28.0 | — |
| Digium | Certified Asterisk | 11.6 | Cert1 |
| Digium | Certified Asterisk | 11.6.0 | — |
| Digium | Asterisk | >= 1.8.0, < 1.8.32.1 | — |
| Digium | Asterisk | >= 11.0.0, < 11.14.1 | — |
| Digium | Asterisk | >= 12.0.0, < 12.7.1 | — |
| Digium | Asterisk | >= 13.0.0, < 13.0.1 | — |
References
- http://downloads.asterisk.org/pub/security/AST-2014-012.html (Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
