CVE-2010-0685 (GCVE-0-2010-0685)
Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:59
VLAI
Summary
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://svn.asterisk.org/svn/asterisk/branches/1.2… | x_refsource_MISC |
| http://secunia.com/advisories/39096 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1023637 | vdb-entryx_refsource_SECTRACK |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/archive/1/509608/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/38641 | third-party-advisoryx_refsource_SECUNIA |
| http://downloads.digium.com/pub/security/AST-2010… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2010/0439 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-02-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38641"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38641"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt",
"refsource": "MISC",
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38641"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2010-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0685",
"datePublished": "2010-02-23T20:00:00.000Z",
"dateReserved": "2010-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:59:38.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2010-0685",
"date": "2026-06-08",
"epss": "0.00101",
"percentile": "0.27345"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-0685\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-02-23T20:30:00.780\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.\"},{\"lang\":\"es\",\"value\":\"El dise\u00f1o de la funcionalidad dialplan en Asterisk Open Source v1.2.x, v1.4.x, y v1.6.x; y Asterisk Business Edition vB.x.x y vC.x.x,cuando se utiliza la variable de canal $ (EXTEN) y coincidencias de patron comod\u00edn, permite a atacantes dependiendo del contexto, inyectar cadenas en dialplan utilizando metacaracteres que son inyectados cuando la variable es expandida, como se demuestra utilizando la aplicaci\u00f3n Dial en un proceso en el que el mensaje SIP INVITE esta manipulado el cual a\u00f1ade un canal de salida no previsto. NOTA: Podr\u00eda argumentarse que esto no es una vulnerabilidad en Asterisk, pero hay un tipo de vulnerabilidades que pueden producirse en cualquier programa que utilice esta caracter\u00edstica sin la funcionalidad de filtrado correspondiente que actualmente esta disponible.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39358795-09A6-44C6-B969-1560CEF40057\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C2DAB51-91ED-43D4-AEA9-7C4661089BAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A596A018-2FBC-4CEB-9910-756CC6598679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"14BDCF8E-0B68-430A-A463-EE40C1A9AD65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2CD93E-71A5-49EC-B986-5868C05553EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B66B213-4397-4435-8E48-8ED69AAE13D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55131A3D-C892-44EC-83D6-5888C57B11A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"E017DD53-B8EC-4EA2-BF59-18C075C5771D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B940EEC6-4451-42B9-A56D-BDB8801B3685\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE4AB19F-1338-466D-AAD8-584C79FED1AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C619138A-557F-419E-9832-D0FB0E9042C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6656EA0-4D4F-4251-A30F-48375C5CE3E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AAD9104-BA4A-478F-9B56-195E0F9A7DF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F06C361-D7DF-474B-A835-BA8886C11A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"175954A5-E712-41B8-BC11-4F999343063D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DF9E41E-8FE6-4396-A5D4-D4568600FE03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B43C508-91E3-49C9-86F0-3643D8F2B7F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4457486F-E9B4-46B8-A05D-3B32F8B639A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"0831E658-36AB-4A4B-9929-3DB6BE855A3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69417F54-D92F-46FB-9BFA-995211279C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4611BEA0-25EC-4705-A390-6DF678373FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53022458-F443-4402-AC52-FC3AE810E89E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"120B85AA-E9B8-4A4D-81CE-FD36CDB63074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"64D94742-7CA1-487B-90E8-5063FBF88925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12302460-5D3F-4045-9DBF-606562E03BDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"78546FDF-C843-4E48-ABEE-CC3514AA7C3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6EBC0B-9842-44D1-B9D6-EFB88BE22879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"052969F1-6758-46E8-9273-E0F872BD65BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"624A0F00-4629-4550-847F-F24CC93DFF2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"E473F645-F8B0-43FE-957B-F053427465DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FC9AAB-1FAD-4953-A2FC-D42E9687D27E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"460C9907-AA19-402A-85DE-D3CEA98B107B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD80F0D6-6B5B-41D3-AC41-F1643865088A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"734D5198-53C1-40D3-B5BF-D74FC71FD3BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"788DEF5E-8A99-463D-89DC-0CC032271554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0996D7A-9419-4897-A0AF-498AC3A2A81F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D670E6-47E5-4B40-9217-F97D5F39C3EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"94C23DB8-3C92-40FE-B8A6-ADF84D28510E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6CE7E4E-DA2D-4F03-A226-92965B40AE34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C59A947-457E-47EB-832E-3DA70CB52695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F74B56-B412-4AF1-AED0-C948AB6DC829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B50ADDB-D3C2-407D-8844-F93866E5F20C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4149B59-E773-4ED8-A71D-EB7D00808819\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A0408C3-0FA7-4A17-9451-C4D46CDA8F27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"1726090D-0C37-44A4-AD9B-7ED733B8702D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"54354E16-3238-43E8-BAA9-93CA7EB44D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6867EED4-FC3B-4B72-88A5-DED96C729FE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A0867FC-7161-433F-A416-D7207C8D4D36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97BE6B60-3276-4580-843B-743D0D71E3DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"36491B32-A405-4C5B-938F-9BEA50A8AF16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6141909B-EBC4-4726-AE9F-669C31257A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754A51AC-EF20-4736-ADDB-D2A70BCB79EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4600BB66-6DEB-444B-AF9E-BDD06CFD2876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE089E31-3521-4D12-B81C-B6E386AE1409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5E9888-16CD-4DB2-8889-CE4477559C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C29C9A2C-6435-444E-A20B-5881F3798B85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E77A2569-CFAE-498D-A633-803849CFECE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D16E88E6-42D0-400E-AF43-111B35CE11E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE15A42E-030B-48F0-9498-1755DAAEDFB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39511726-1202-4179-9708-4D3B28496768\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A9A4328-F274-4591-A386-943FD6608374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF11B38A-12D7-453A-870D-CDC2DE9313CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D69ACB7-CF9A-40B5-819E-58DA884D4E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E56DB29-571D-4615-B347-38CF4590E463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BC8D6D4-A389-4A78-8DA8-351A9CB896E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E979AC4-58EA-4297-9F90-350924BBE440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A58CCD3-4A0C-468B-85F2-59A52B7293A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3542DB91-8487-49D6-AA15-E8FD9D6B99D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"661D710E-79F0-4E98-B35B-ED0549D35C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F80CBCB-F58D-4BE7-8E78-67E04C900D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB61D32E-3400-480E-BD27-BA3F98F94427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687C67CB-46AF-40C2-8A02-081C7F78568A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"300F158E-ED27-46C8-85E4-AA0AA6B201DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB6F04C0-3226-4D2C-97A3-39999483C62C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30685A20-963A-48D4-B7D7-2C11C2C812AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C54C3AAC-4D5D-4661-86AB-6849982E8C67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2EFBC9E-4DCA-43CB-93EB-6807E2383A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98755B1B-CAD5-4AC5-8571-52E67C3A8274\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9D8C8FE-3D09-4F60-AD03-9D4439942141\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43F1849F-1230-45E7-B6A3-D6FC72EB0F11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4333904-9D21-4149-965F-F49F0A34BD85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B10AE4B-EC2D-4D5B-B842-50F5097A0650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCB18BE2-B073-429C-ABE7-B8305793DAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DBA63FE-62AF-4F3D-B30C-550D17C4E35F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5D425E6-E2E5-4452-9EAA-2697C1155784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E06848DE-6EE1-4FD0-A14F-39D41B2F3E75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8374B5D-DE7A-4C3C-A5FE-579B17006A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F8B700A-FACB-4BC8-9DF2-972DC63D852B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"D110DCEB-F2F9-4600-B49F-22952C71B785\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"3333A119-D92F-433C-BF5D-0037199256C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"19C44C33-EADA-48FD-A634-8066A003AFD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"294A2BA2-26EB-40AD-B861-7FA9043CD097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"4FAC61AF-BDF2-4397-A8F8-9D9155836E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"33DE61C2-8C6A-4CD3-8D56-E70C4356CD50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"EECB5F75-BCE2-4777-933E-25EB5657750C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"B5D51557-3E67-4C9A-9753-472D13FCA5C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"761DB3A3-1540-4976-AEB2-F8E45CCCC5E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"947F58B8-21AF-460B-8203-D2605A1F91D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*\",\"matchCriteriaId\":\"1C4E15BB-71AB-4936-9CA7-E844572A3953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*\",\"matchCriteriaId\":\"EE5823E1-5BFF-44E0-B8DD-4D994073DC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"E6C147EF-0C39-4979-A4F6-C0BE288F083F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"0C1A8352-DE70-4D4E-BC4D-8EABE5431646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"615D7356-E9DD-4149-B1BE-D3C3475A8841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"0628E34F-1A60-416D-A29C-EA28E8CC2430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"5F54511A-A2A9-4038-9D7D-2283A6709DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"3FA908BA-BEF8-44A5-AC95-E7CF020D0C94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"78E8936C-033B-49E6-BB39-D5BBBC80EB55\"}]}]}],\"references\":[{\"url\":\"http://downloads.digium.com/pub/security/AST-2010-002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38641\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39096\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/509608/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023637\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0439\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56397\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://downloads.digium.com/pub/security/AST-2010-002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/509608/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…