CVE-2014-8418

Loading...

General

Score:9.0/10.0
Severity:High
Category:Access Control Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:Single

Relative vulnerabilities

CVE-2014-2286, CVE-2014-4046, CVE-2014-6610, CVE-2014-8412, CVE-2015-3008

Published on 24/11/14 - Updated on 25/11/14

Description

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability DatabaseCVE-2014-8418
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2014-AVI-493
Debian LTSDLA-455-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
digiumasterisk
digiumcertified_asterisk

Share this vulnerability with:

Twitter Facebook LinkedIn Mail