CVE-2012-2186 (GCVE-0-2012-2186)

Vulnerability from cvelistv5 – Published: 2012-08-31 14:00 – Updated: 2024-08-06 19:26

Summary

Severity

No CVSS data available.

CWE

Assigner

ibm

References

5 references

URL	Tags
http://secunia.com/advisories/50687	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/50756	third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2012/dsa-2550	vendor-advisoryx_refsource_DEBIAN
http://downloads.asterisk.org/pub/security/AST-20…	x_refsource_CONFIRM
http://www.securitytracker.com/id?1027460	vdb-entryx_refsource_SECTRACK

Date Public

2012-08-30 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50687"
          },
          {
            "name": "50756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50756"
          },
          {
            "name": "DSA-2550",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2550"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
          },
          {
            "name": "1027460",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027460"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-31T09:00:00.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "50687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50687"
        },
        {
          "name": "50756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50756"
        },
        {
          "name": "DSA-2550",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2550"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
        },
        {
          "name": "1027460",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027460"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-2186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50687"
            },
            {
              "name": "50756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50756"
            },
            {
              "name": "DSA-2550",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2550"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
            },
            {
              "name": "1027460",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027460"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-2186",
    "datePublished": "2012-08-31T14:00:00.000Z",
    "dateReserved": "2012-04-04T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:26:08.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-2186",
      "date": "2026-05-29",
      "epss": "0.00465",
      "percentile": "0.64665"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2186\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2012-08-31T14:55:00.950\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de lista negra incompleta en main/manager.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-8.1.11 antes de cert6, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n aprovech\u00e1ndose de los privilegios de origen y proporcionando un valor ExternalIVR en una acci\u00f3n IAM Originate.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACE48FBD-2560-4477-ABD2-C90729523BC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"97F03C40-6B70-41D1-96CF-DD5F2924D0C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F0B6E3-37B8-4780-BB17-D471A7AB7E58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"445941A9-EE2C-45C0-BCEB-9EC7F9F9439D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C60A84B-E0BC-491B-B6E6-76E658BB91EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"035B04BC-C132-4CF6-9FE4-561A4104F392\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E21DF0C9-16E4-44B0-8749-85F7F245A87A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"37612FE6-C8B7-4925-81F5-ADB82A8F101E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"92181940-ED5C-442C-82BA-4F0F233FB11B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67CE3E94-341F-4D0C-937E-39B119925C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C721635-2801-40E8-B5FE-734054D718D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F81ACF-615F-4EF5-BD73-74F4010B43D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D773468A-4C2D-4B88-BAB6-C2D892A304C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15ED9311-9E4E-4998-BD99-CDEB8E4F2C74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"815F7045-FC6D-4D57-A7AE-F63B0FC67251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BAE9D7-7A67-40D0-B864-66E76EBA5A84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B82FFB08-0FCD-4839-95F4-97C09EB7E921\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10C54588-265A-4955-8C73-38ADB664EF0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D84681-F861-49BE-832F-20EBAD3B60C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2313F843-0F74-4FC9-92A2-1F721BB4C490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09918CFC-C6A0-45ED-91EA-A4D9295C6CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"23E24161-31DB-4739-B16D-B0BDF5151307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F5E4B4F-49B7-41CB-803B-47A0081C3112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27D37142-F88C-42DE-A0FD-B17AB7981963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1A5BD7C-3491-456A-A333-481977280F5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"12711E11-F6CF-4A61-83FD-AD3748D7C47B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"86E83CDF-E3B5-48A8-B526-67A1618B97AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C8B329-AC4C-46E5-BAC3-B2B72C16A453\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A81245B-0276-4D51-A3B4-9CC7233C9A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DC30C27-32BD-42A9-814E-123BD18F416B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"676BA331-833E-4C8B-A523-2116752567B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F211C14-8E50-4FB7-82EA-FE6975290DE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0698EDFB-D156-4572-9008-0243FA6FD2FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"16350161-9CF1-4AD3-954C-598D249CF962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AC55C54-7AD7-49BE-A050-DC6878391208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AA9DBB3-1008-4CC8-B81B-991F286A6C0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B208EBB-0387-4223-A196-CE142E6B908B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"095BF874-0E0B-4F8F-8A11-ED096DD3A824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4067E71D-93A8-4B56-AE4A-FCB6E31577E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D301553-EF77-4494-A893-FDC12E6A8C16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35362678-3960-40E0-BB94-4642F09DDB4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"779DEAC5-CBC7-4844-9A2E-97AEB49704EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"913D2C84-B987-4DEE-8F9E-0FDF14BECE2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"63889FD0-714B-4E02-8F34-00E4857A544A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A15B538D-DC9D-46B4-A455-341E8A2831E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FE32479-5D98-443F-8FA9-F6281726BDF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"78841A3E-7D56-4737-9815-E1144FD0A44A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6CE8D88-E407-4E9F-8418-E95C16A55358\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BDEDE38-79FE-4B21-BE42-E8AA14475AA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC295454-D897-425C-BFC8-91A72865A132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3830A3E2-09A1-487E-8EFA-27F8B4C61CB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAC942FB-83A2-4698-B410-F4C6AED0849A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2C32DA-44CE-4407-84B2-02B0D0474000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2B032B5-06AB-4ABE-B51E-DE5C13458C03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"39E78E52-2AA4-42A5-9CE6-22DF2CF01704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DF04D4C-DFED-4E71-BA0C-854823BB41CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"518A8882-B1A6-408E-9B39-F01034A50190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBBB850-2AE6-4EC1-993F-AD7AF2E80008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1075D5D-5F81-4E26-90B0-60659B8D36B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6880B042-11B1-430F-90A1-70F93FC5BAF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F074B06-6788-47AB-8C39-BA5E2E39ACC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47805A52-856B-4C30-A04F-0B683FDBE075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48300C6F-FAF2-4F0A-959F-4B1801AE7D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85522E25-E76C-4CCF-AB7C-A74E1703D919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC3BE912-0B42-416B-A0E2-B17FDF07BAAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FC9C2FB-A77B-4242-B4A1-92112E1C19B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.15.0\",\"matchCriteriaId\":\"9DA237F1-0378-4B8C-9981-B3B47BCB3C50\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33DD2B8E-6AB1-45CD-85F5-E0F5234585BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"52BDDAC0-5CEE-4054-8930-EAF25FE528FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BCF63F-DA77-48A1-861D-F6E710E3CA16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"66666CD2-8921-4641-AD72-21F4386DC731\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55A7B81-4661-4E77-94FE-DA8D6261DC74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C549DD5-68F9-44FC-92B9-09A0E6F87315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"51407A8B-AF19-43FA-8D57-A6A35D465D1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"911CCAF6-6E29-43B6-AF76-909016CD46ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"964672AE-C840-465E-BE8A-8E19D9C060AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48827211-8F2F-4801-A5CD-77B07D1DD320\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2463AD2-B341-494C-87AF-73B69B75D162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B46E218-9EFA-4224-BC5D-1A2F38559E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1F43E8-6159-46FA-8BF5-360EA9D466BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F75E0A69-9251-4CE1-9E83-188F0D35DEFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"17E6BD3C-B88D-4C80-B77F-2A95767B9A71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AC1C9EC-A84F-401B-BF59-F4938B6A2F59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCB76519-FD6D-4D74-8DF7-719822588C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"335F9C06-5E40-4E14-B018-15151E14414D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C33423-6093-4DC9-BCFF-77003776373E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DEA8945-9ACD-4CE7-A5E6-5207E16C663E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FCD6B4-ED33-424F-AD30-64227894B0B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.7.0\",\"matchCriteriaId\":\"F6558058-33DA-43F1-9690-5DA11D5CC713\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:*:cert5:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.11\",\"matchCriteriaId\":\"345918B8-ABB8-4E60-A3AD-C006AD24FEC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*\",\"matchCriteriaId\":\"4889B1B5-5160-476E-A1C0-BEAE63C85CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62867AEF-D685-4B1F-8AB9-D1CCAC559821\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7C792E2-FBBA-4F1D-8842-5E47B4365FBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B14F1E15-52B4-4947-83EA-85D535FFB55E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*\",\"matchCriteriaId\":\"02461B94-32BA-487E-9E9E-D9B5AAAFF602\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:digiumphones:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.7.0\",\"matchCriteriaId\":\"7438E927-F320-4E40-AE4E-F571483A5D2F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:business_edition:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"c.3.7.5\",\"matchCriteriaId\":\"94539528-4DD3-4BB6-BFFE-920A3937A665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:business_edition:c.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D78AA8-AF67-4343-A9B0-EFC63D8CC4BC\"}]}]}],\"references\":[{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2012-012.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/50687\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://secunia.com/advisories/50756\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2550\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.securitytracker.com/id?1027460\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2012-012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/50687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/50756\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2550\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2012-AVI-478

Vulnerability from certfr_avis - Published: 2012-08-31 - Updated: 2012-08-31

Deux vulnérabilités ont été corrigées dans Asterisk. La première permet à un utilisateur malintentionné d'acquérir un interprèteur de commandes à distance. La seconde concerne le traitement des appels IAX2 et peut mener à un contournement de certaines règles ACL.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Asterisk	Asterisk	Asterisk Digiumphones versions antérieures à 10.7.1-digiumphones ;
Asterisk	Asterisk	Asterisk Business Edition versions antérieures à C.3.7.6.
Asterisk	Asterisk	Asterisk Open Source versions antérieures à 1.8.15.1 ;
Asterisk	Certified Asterisk	Certified Asterisk versions antérieures à 1.8.11-cert7 ;
Asterisk	Asterisk	Asterisk Open Source versions antérieures à 10.7.1 ;

References

Title

Publication Time

FKIE_CVE-2012-2186

Vulnerability from fkie_nvd - Published: 2012-08-31 14:55 - Updated: 2026-04-29 01:13

Severity

Summary

References

URL	Tags
psirt@us.ibm.com	http://downloads.asterisk.org/pub/security/AST-2012-012.html	Patch, Vendor Advisory
psirt@us.ibm.com	http://secunia.com/advisories/50687
psirt@us.ibm.com	http://secunia.com/advisories/50756
psirt@us.ibm.com	http://www.debian.org/security/2012/dsa-2550
psirt@us.ibm.com	http://www.securitytracker.com/id?1027460
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-012.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50687
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50756
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2550
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027460

Impacted products

Vendor	Product	Version
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.1
asterisk	open_source	1.8.1
asterisk	open_source	1.8.1.1
asterisk	open_source	1.8.1.2
asterisk	open_source	1.8.2
asterisk	open_source	1.8.2
asterisk	open_source	1.8.2.1
asterisk	open_source	1.8.2.2
asterisk	open_source	1.8.2.3
asterisk	open_source	1.8.2.4
asterisk	open_source	1.8.3
asterisk	open_source	1.8.3
asterisk	open_source	1.8.3
asterisk	open_source	1.8.3
asterisk	open_source	1.8.3.1
asterisk	open_source	1.8.3.2
asterisk	open_source	1.8.3.3
asterisk	open_source	1.8.4
asterisk	open_source	1.8.4
asterisk	open_source	1.8.4
asterisk	open_source	1.8.4
asterisk	open_source	1.8.4.1
asterisk	open_source	1.8.4.2
asterisk	open_source	1.8.4.3
asterisk	open_source	1.8.4.4
asterisk	open_source	1.8.5
asterisk	open_source	1.8.5.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.7
asterisk	open_source	1.8.7.0
asterisk	open_source	1.8.7.0
asterisk	open_source	1.8.7.0
asterisk	open_source	1.8.7.1
asterisk	open_source	1.8.7.2
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.1
asterisk	open_source	1.8.8.2
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.9.1
asterisk	open_source	1.8.9.2
asterisk	open_source	1.8.9.3
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.1
asterisk	open_source	1.8.11.0
asterisk	open_source	1.8.11.0
asterisk	open_source	1.8.11.0
asterisk	open_source	1.8.11.1
asterisk	open_source	1.8.12
asterisk	open_source	1.8.12.0
asterisk	open_source	1.8.12.0
asterisk	open_source	1.8.12.0
asterisk	open_source	1.8.12.0
sangoma	asterisk	*
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.1
asterisk	open_source	10.1.0
asterisk	open_source	10.1.0
asterisk	open_source	10.1.0
asterisk	open_source	10.1.1
asterisk	open_source	10.1.2
asterisk	open_source	10.1.3
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0
asterisk	open_source	10.2.1
asterisk	open_source	10.3
asterisk	open_source	10.3.0
asterisk	open_source	10.3.0
asterisk	open_source	10.3.0
asterisk	open_source	10.3.1
asterisk	open_source	10.4.0
asterisk	open_source	10.4.0
asterisk	open_source	10.4.0
asterisk	open_source	10.4.0
sangoma	asterisk	*
asterisk	certified_asterisk	*
asterisk	certified_asterisk	1.8.11
asterisk	certified_asterisk	1.8.11
asterisk	certified_asterisk	1.8.11
asterisk	certified_asterisk	1.8.11
asterisk	certified_asterisk	1.8.11
asterisk	digiumphones	*
asterisk	business_edition	*
asterisk	business_edition	c.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E21DF0C9-16E4-44B0-8749-85F7F245A87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AA9DBB3-1008-4CC8-B81B-991F286A6C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48300C6F-FAF2-4F0A-959F-4B1801AE7D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA237F1-0378-4B8C-9981-B3B47BCB3C50",
              "versionEndIncluding": "1.8.15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB76519-FD6D-4D74-8DF7-719822588C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1C33423-6093-4DC9-BCFF-77003776373E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6558058-33DA-43F1-9690-5DA11D5CC713",
              "versionEndIncluding": "10.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:*:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "345918B8-ABB8-4E60-A3AD-C006AD24FEC4",
              "versionEndIncluding": "1.8.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "4889B1B5-5160-476E-A1C0-BEAE63C85CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "62867AEF-D685-4B1F-8AB9-D1CCAC559821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F7C792E2-FBBA-4F1D-8842-5E47B4365FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "B14F1E15-52B4-4947-83EA-85D535FFB55E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "02461B94-32BA-487E-9E9E-D9B5AAAFF602",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:digiumphones:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7438E927-F320-4E40-AE4E-F571483A5D2F",
              "versionEndIncluding": "10.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:business_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94539528-4DD3-4BB6-BFFE-920A3937A665",
              "versionEndIncluding": "c.3.7.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:business_edition:c.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D78AA8-AF67-4343-A9B0-EFC63D8CC4BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de lista negra incompleta en main/manager.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-8.1.11 antes de cert6, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n aprovech\u00e1ndose de los privilegios de origen y proporcionando un valor ExternalIVR en una acci\u00f3n IAM Originate.\r\n"
    }
  ],
  "id": "CVE-2012-2186",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-31T14:55:00.950",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id?1027460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027460"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-27CH-CCXG-45PF

Vulnerability from github – Published: 2022-05-17 05:11 – Updated: 2022-05-17 05:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2186"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-31T14:55:00Z",
    "severity": "HIGH"
  },
  "details": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.",
  "id": "GHSA-27ch-ccxg-45pf",
  "modified": "2022-05-17T05:11:24Z",
  "published": "2022-05-17T05:11:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2186"
    },
    {
      "type": "WEB",
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027460"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-2186

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2186

Aliases

CVE-2012-2186

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2186",
    "description": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.",
    "id": "GSD-2012-2186",
    "references": [
      "https://www.debian.org/security/2012/dsa-2550"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2186"
      ],
      "details": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.",
      "id": "GSD-2012-2186",
      "modified": "2023-12-13T01:20:15.629749Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2012-2186",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "50687",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/50687"
          },
          {
            "name": "50756",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/50756"
          },
          {
            "name": "DSA-2550",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2550"
          },
          {
            "name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
            "refsource": "CONFIRM",
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
          },
          {
            "name": "1027460",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027460"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:*:cert5:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:digiumphones:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:business_edition:c.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:business_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "c.3.7.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-2186"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
            },
            {
              "name": "DSA-2550",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2550"
            },
            {
              "name": "1027460",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027460"
            },
            {
              "name": "50756",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/50756"
            },
            {
              "name": "50687",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/50687"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-04-19T03:21Z",
      "publishedDate": "2012-08-31T14:55Z"
    }
  }
}

VAR-201208-0619

Vulnerability from variot - Updated: 2025-04-11 23:08

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. Asterisk is prone to a security-bypass vulnerability that affects the manager interface. An attacker can exploit this issue to bypass certain security restrictions and execute shell commands within the context of the affected application. Asterisk Project Security Advisory - AST-2012-012

      Product         Asterisk                                            
      Summary         Asterisk Manager User Unauthorized Shell Access     
 Nature of Advisory   Permission Escalation                               
   Susceptibility     Remote Authenticated Sessions                       
      Severity        Minor                                               
   Exploits Known     No                                                  
    Reported On       July 13, 2012                                       
    Reported By       Zubair Ashraf of IBM X-Force Research               
     Posted On        August 30, 2012                                     
  Last Updated On     August 30, 2012                                     
  Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           
      CVE Name        CVE-2012-2186

Description  The AMI Originate action can allow a remote user to specify  
             information that can be used to execute shell commands on    
             the system hosting Asterisk. This can result in an unwanted  
             escalation of permissions, as the Originate action, which    
             requires the "originate" class authorization, can be used    
             to perform actions that would typically require the          
             "system" class authorization. Previous attempts to prevent   
             this permission escalation (AST-2011-006, AST-2012-004)      
             have sought to do so by inspecting the names of              
             applications and functions passed in with the Originate      
             action and, if those applications/functions matched a        
             predefined set of values, rejecting the command if the user  
             lacked the "system" class authorization. As reported by IBM  
             X-Force Research, the "ExternalIVR" application is not       
             listed in the predefined set of values. The solution for     
             this particular vulnerability is to include the              
             "ExternalIVR" application in the set of defined              
             applications/functions that require "system" class           
             authorization.

             Unfortunately, the approach of inspecting fields in the      
             Originate action against known applications/functions has a  
             significant flaw. The predefined set of values can be        
             bypassed by creative use of the Originate action or by       
             certain dialplan configurations, which is beyond the         
             ability of Asterisk to analyze at run-time. Attempting to    
             work around these scenarios would result in severely         
             restricting the applications or functions and prevent their  
             usage for legitimate means. As such, any additional          
             security vulnerabilities, where an application/function      
             that would normally require the "system" class               
             authorization can be executed by users with the "originate"  
             class authorization, will not be addressed. Proper system configuration can limit the impact   
             of such scenarios.

             The next release of each version of Asterisk will contain,   
             in addition to the fix for the "ExternalIVR" application,    
             an updated README-SERIOUSLY.bestpractices.txt file.

Resolution  Asterisk now checks for the "ExternalIVR" application when    
            processing the Originate action.

            Additionally, the README-SERIOUSLY.bestpractices.txt file     
            has been updated. It is highly recommended that, if AMI is    
            utilized with accounts that have the "originate" class        
            authorization, Asterisk is run under a defined user that      
            does not have root permissions. Accounts with the             
            "originate" class authorization should be treated in a        
            similar manner to those with the "system" class               
            authorization. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-15

                                        http://security.gentoo.org/

Severity: Normal Title: Asterisk: Multiple vulnerabilities Date: September 26, 2012 Bugs: #425050, #433750 ID: 201209-15

Synopsis

Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code.

Background

Asterisk is an open source telephony engine and toolkit.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/asterisk < 1.8.15.1 >= 1.8.15.1

Description

Multiple vulnerabilities have been found in Asterisk:

An error in manager.c allows shell access (CVE-2012-2186).
An error in Asterisk could cause all RTP ports to be exhausted (CVE-2012-3812).
A double-free error could occur when two parties attempt to manipulate the same voicemail account simultaneously (CVE-2012-3863).
Asterisk does not properly implement certain ACL rules (CVE-2012-4737).

Impact

A remote, authenticated attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass outbound call restrictions.

Workaround

There is no known workaround at this time.

Resolution

All Asterisk users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.15.1"

References

[ 1 ] CVE-2012-2186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2186 [ 2 ] CVE-2012-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3812 [ 3 ] CVE-2012-3863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3863 [ 4 ] CVE-2012-4737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4737

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201209-15.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Debian Security Advisory DSA-2550-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff September 18, 2012 http://www.debian.org/security/faq

Package : asterisk Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2012-2186 CVE-2012-3812 CVE-2012-3863 CVE-2012-4737

Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.

More detailed information can be found in the Asterisk advisories: http://downloads.asterisk.org/pub/security/AST-2012-010.html http://downloads.asterisk.org/pub/security/AST-2012-011.html http://downloads.asterisk.org/pub/security/AST-2012-012.html http://downloads.asterisk.org/pub/security/AST-2012-013.html

For the stable distribution (squeeze), these problems have been fixed in version 1:1.6.2.9-2+squeeze7.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1:1.8.13.1~dfsg-1.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlBYrLoACgkQXm3vHE4uylqDBgCfTQnp2Z1XZSgJkg1L84SDPnjK muwAoOINdMCYMfcEc8spGQ7wrCWPKGaR =FRM+ -----END PGP SIGNATURE-----

. ----------------------------------------------------------------------

The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/

TITLE: Debian update for asterisk

SECUNIA ADVISORY ID: SA50687

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50687/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50687

RELEASE DATE: 2012-09-19

DISCUSS ADVISORY: http://secunia.com/advisories/50687/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/50687/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=50687

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Debian has issued an update for asterisk.

For more information: SA49814 SA50456

SOLUTION: Apply updated packages via the apt-get package manager.

ORIGINAL ADVISORY: DSA-2550-1: http://www.debian.org/security/2012/dsa-2550

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0619",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "10.0.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.8.5.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "10.1.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.8.5"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.8.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "10.2.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "asterisk",
        "version": "1.8.11"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "asterisk",
        "version": "1.8.3.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.1.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.4.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.9.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.7.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.2.2"
      },
      {
        "model": "digiumphones",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.7.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.4.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.4"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.9.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.9.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.9.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.2.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.1.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.7"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.8.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.7.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.8.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.10.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.4.4"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.3.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.6.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.3.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.11.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.4.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.1.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.3"
      },
      {
        "model": "business edition",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.3.7.5"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.10.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.11.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.2.4"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.8.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.12.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.1.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.3.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.4.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.0.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.7.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.3.1"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "10.7.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.2.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.1.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "10.2.1"
      },
      {
        "model": "business edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.3.0"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "1.8.15.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.12"
      },
      {
        "model": "certified asterisk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.8.11"
      },
      {
        "model": "asterisk open source",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.8.15.1"
      },
      {
        "model": "asterisk open source",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "10.7.1"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.8.11-cert6"
      },
      {
        "model": "asterisk business edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "c.3.x"
      },
      {
        "model": "asterisk open source",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.8.x"
      },
      {
        "model": "asterisk business edition",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "c.3.7.6"
      },
      {
        "model": "certified asterisk",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.8.11"
      },
      {
        "model": "asterisk open source",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "10.x"
      },
      {
        "model": "asterisk with digiumphones",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "10.x.x-digiumphones"
      },
      {
        "model": "asterisk with digiumphones",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "10.7.1-digiumphones"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "10.7"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.2.17.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.1.23"
      },
      {
        "model": "digiumphones 10.5.2-digiumphones",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "digiumphones 10.5.1-digiumphones",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.7.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.7.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.7.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.6.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.6.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.3.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "3"
      },
      {
        "model": "business edition c.3.2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "2"
      },
      {
        "model": "business edition c.3.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1"
      },
      {
        "model": "certified asterisk 1.8.11-cert6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "open source",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "10.7.1"
      },
      {
        "model": "open source",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.8.15.1"
      },
      {
        "model": "digiumphones 10.7.1-digiumphones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.3.7.6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "55351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-683"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2186"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:digium:asterisk_business_edition",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:open_source",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:asterisk_digiumphones",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:certified_asterisk",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zubair Ashraf of IBM X-Force Research",
    "sources": [
      {
        "db": "BID",
        "id": "55351"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-2186",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2012-2186",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-2186",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-2186",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201208-683",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-683"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2186"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. Asterisk is prone to a security-bypass vulnerability that affects the manager interface. \nAn attacker can exploit this issue to bypass certain security restrictions and execute shell commands within the context of the affected application.                Asterisk Project Security Advisory - AST-2012-012\n\n          Product         Asterisk                                            \n          Summary         Asterisk Manager User Unauthorized Shell Access     \n     Nature of Advisory   Permission Escalation                               \n       Susceptibility     Remote Authenticated Sessions                       \n          Severity        Minor                                               \n       Exploits Known     No                                                  \n        Reported On       July 13, 2012                                       \n        Reported By       Zubair Ashraf of IBM X-Force Research               \n         Posted On        August 30, 2012                                     \n      Last Updated On     August 30, 2012                                     \n      Advisory Contact    Matt Jordan \u003c mjordan AT digium DOT com \u003e           \n          CVE Name        CVE-2012-2186                                       \n\n    Description  The AMI Originate action can allow a remote user to specify  \n                 information that can be used to execute shell commands on    \n                 the system hosting Asterisk. This can result in an unwanted  \n                 escalation of permissions, as the Originate action, which    \n                 requires the \"originate\" class authorization, can be used    \n                 to perform actions that would typically require the          \n                 \"system\" class authorization. Previous attempts to prevent   \n                 this permission escalation (AST-2011-006, AST-2012-004)      \n                 have sought to do so by inspecting the names of              \n                 applications and functions passed in with the Originate      \n                 action and, if those applications/functions matched a        \n                 predefined set of values, rejecting the command if the user  \n                 lacked the \"system\" class authorization. As reported by IBM  \n                 X-Force Research, the \"ExternalIVR\" application is not       \n                 listed in the predefined set of values. The solution for     \n                 this particular vulnerability is to include the              \n                 \"ExternalIVR\" application in the set of defined              \n                 applications/functions that require \"system\" class           \n                 authorization.                                               \n                                                                              \n                 Unfortunately, the approach of inspecting fields in the      \n                 Originate action against known applications/functions has a  \n                 significant flaw. The predefined set of values can be        \n                 bypassed by creative use of the Originate action or by       \n                 certain dialplan configurations, which is beyond the         \n                 ability of Asterisk to analyze at run-time. Attempting to    \n                 work around these scenarios would result in severely         \n                 restricting the applications or functions and prevent their  \n                 usage for legitimate means. As such, any additional          \n                 security vulnerabilities, where an application/function      \n                 that would normally require the \"system\" class               \n                 authorization can be executed by users with the \"originate\"  \n                 class authorization, will not be addressed. Proper system configuration can limit the impact   \n                 of such scenarios.                                           \n                                                                              \n                 The next release of each version of Asterisk will contain,   \n                 in addition to the fix for the \"ExternalIVR\" application,    \n                 an updated README-SERIOUSLY.bestpractices.txt file.          \n\n    Resolution  Asterisk now checks for the \"ExternalIVR\" application when    \n                processing the Originate action.                              \n                                                                              \n                Additionally, the README-SERIOUSLY.bestpractices.txt file     \n                has been updated. It is highly recommended that, if AMI is    \n                utilized with accounts that have the \"originate\" class        \n                authorization, Asterisk is run under a defined user that      \n                does not have root permissions. Accounts with the             \n                \"originate\" class authorization should be treated in a        \n                similar manner to those with the \"system\" class               \n                authorization. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201209-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Asterisk: Multiple vulnerabilities\n     Date: September 26, 2012\n     Bugs: #425050, #433750\n       ID: 201209-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Asterisk, the worst of\nwhich may allow execution of arbitrary code. \n\nBackground\n==========\n\nAsterisk is an open source telephony engine and toolkit. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/asterisk           \u003c 1.8.15.1               \u003e= 1.8.15.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in Asterisk:\n\n* An error in manager.c allows shell access (CVE-2012-2186). \n* An error in Asterisk could cause all RTP ports to be exhausted\n  (CVE-2012-3812). \n* A double-free error could occur when two parties attempt to\n  manipulate the same voicemail account simultaneously (CVE-2012-3863). \n* Asterisk does not properly implement certain ACL rules\n  (CVE-2012-4737). \n\nImpact\n======\n\nA remote, authenticated attacker could execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, or\nbypass outbound call restrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Asterisk users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/asterisk-1.8.15.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2186\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2186\n[ 2 ] CVE-2012-3812\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3812\n[ 3 ] CVE-2012-3863\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3863\n[ 4 ] CVE-2012-4737\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4737\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-15.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2550-1                   security@debian.org\nhttp://www.debian.org/security/                        Moritz Muehlenhoff\nSeptember 18, 2012                     http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : asterisk\nVulnerability  : several\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2012-2186 CVE-2012-3812 CVE-2012-3863 CVE-2012-4737\n\nSeveral vulnerabilities were discovered in Asterisk, a PBX and telephony \ntoolkit, allowing privilege escalation in the Asterisk Manager, denial of\nservice or privilege escalation. \n\nMore detailed information can be found in the Asterisk advisories:\nhttp://downloads.asterisk.org/pub/security/AST-2012-010.html \nhttp://downloads.asterisk.org/pub/security/AST-2012-011.html \nhttp://downloads.asterisk.org/pub/security/AST-2012-012.html \nhttp://downloads.asterisk.org/pub/security/AST-2012-013.html \n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze7. \n\nFor the testing distribution (wheezy) and the unstable distribution (sid), \nthese problems have been fixed in version 1:1.8.13.1~dfsg-1. \n\nWe recommend that you upgrade your asterisk packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niEYEARECAAYFAlBYrLoACgkQXm3vHE4uylqDBgCfTQnp2Z1XZSgJkg1L84SDPnjK\nmuwAoOINdMCYMfcEc8spGQ7wrCWPKGaR\n=FRM+\n-----END PGP SIGNATURE-----\n\n\n. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nDebian update for asterisk\n\nSECUNIA ADVISORY ID:\nSA50687\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50687/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50687\n\nRELEASE DATE:\n2012-09-19\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50687/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50687/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50687\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nDebian has issued an update for asterisk. \n\nFor more information:\nSA49814\nSA50456\n\nSOLUTION:\nApply updated packages via the apt-get package manager. \n\nORIGINAL ADVISORY:\nDSA-2550-1:\nhttp://www.debian.org/security/2012/dsa-2550\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "db": "BID",
        "id": "55351"
      },
      {
        "db": "PACKETSTORM",
        "id": "116096"
      },
      {
        "db": "PACKETSTORM",
        "id": "116914"
      },
      {
        "db": "PACKETSTORM",
        "id": "116960"
      },
      {
        "db": "PACKETSTORM",
        "id": "116896"
      },
      {
        "db": "PACKETSTORM",
        "id": "116646"
      },
      {
        "db": "PACKETSTORM",
        "id": "116705"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2186",
        "trust": 3.1
      },
      {
        "db": "SECUNIA",
        "id": "50756",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "50687",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1027460",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "20761",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-683",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "55351",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "116096",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116914",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116960",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116896",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116646",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116705",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "55351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "db": "PACKETSTORM",
        "id": "116096"
      },
      {
        "db": "PACKETSTORM",
        "id": "116914"
      },
      {
        "db": "PACKETSTORM",
        "id": "116960"
      },
      {
        "db": "PACKETSTORM",
        "id": "116896"
      },
      {
        "db": "PACKETSTORM",
        "id": "116646"
      },
      {
        "db": "PACKETSTORM",
        "id": "116705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-683"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2186"
      }
    ]
  },
  "id": "VAR-201208-0619",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.348297215
  },
  "last_update_date": "2025-04-11T23:08:50.009000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AST-2012-012",
        "trust": 0.8,
        "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
      },
      {
        "title": "DSA-2550",
        "trust": 0.8,
        "url": "http://www.debian.org/security/2012/dsa-2550"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-nocwe",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2186"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://downloads.asterisk.org/pub/security/ast-2012-012.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2012/dsa-2550"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/50756"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id?1027460"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/50687"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2186"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2186"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/20761"
      },
      {
        "trust": 0.4,
        "url": "https://issues.asterisk.org/jira/browse/asterisk-20132"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2186"
      },
      {
        "trust": 0.3,
        "url": "http://www.asterisk.org/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3812"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4737"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3863"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/blog/325/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2012-012.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2012-012.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.asterisk.org/security"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2012-012-1.8.diff"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3863"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2186"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201209-15.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3812"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4737"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50756/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50756/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50756"
      },
      {
        "trust": 0.1,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-201209-15.xml"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2012-011.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2012-010.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2012-013.html"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50687"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50687/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50687/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "55351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "db": "PACKETSTORM",
        "id": "116096"
      },
      {
        "db": "PACKETSTORM",
        "id": "116914"
      },
      {
        "db": "PACKETSTORM",
        "id": "116960"
      },
      {
        "db": "PACKETSTORM",
        "id": "116896"
      },
      {
        "db": "PACKETSTORM",
        "id": "116646"
      },
      {
        "db": "PACKETSTORM",
        "id": "116705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-683"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2186"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "55351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "db": "PACKETSTORM",
        "id": "116096"
      },
      {
        "db": "PACKETSTORM",
        "id": "116914"
      },
      {
        "db": "PACKETSTORM",
        "id": "116960"
      },
      {
        "db": "PACKETSTORM",
        "id": "116896"
      },
      {
        "db": "PACKETSTORM",
        "id": "116646"
      },
      {
        "db": "PACKETSTORM",
        "id": "116705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-683"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2186"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-30T00:00:00",
        "db": "BID",
        "id": "55351"
      },
      {
        "date": "2012-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "date": "2012-08-30T21:46:42",
        "db": "PACKETSTORM",
        "id": "116096"
      },
      {
        "date": "2012-09-27T00:09:12",
        "db": "PACKETSTORM",
        "id": "116914"
      },
      {
        "date": "2012-09-28T03:46:47",
        "db": "PACKETSTORM",
        "id": "116960"
      },
      {
        "date": "2012-09-26T22:17:20",
        "db": "PACKETSTORM",
        "id": "116896"
      },
      {
        "date": "2012-09-19T07:22:56",
        "db": "PACKETSTORM",
        "id": "116646"
      },
      {
        "date": "2012-09-19T10:31:08",
        "db": "PACKETSTORM",
        "id": "116705"
      },
      {
        "date": "2012-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-683"
      },
      {
        "date": "2012-08-31T14:55:00.950000",
        "db": "NVD",
        "id": "CVE-2012-2186"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-13T22:13:00",
        "db": "BID",
        "id": "55351"
      },
      {
        "date": "2012-11-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      },
      {
        "date": "2012-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-683"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2012-2186"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "116096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-683"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Asterisk Product of  main/manager.c Vulnerable to arbitrary command execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004020"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "55351"
      }
    ],
    "trust": 0.3
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2186 (GCVE-0-2012-2186)

CERTA-2012-AVI-478

Solution

FKIE_CVE-2012-2186

GHSA-27CH-CCXG-45PF

GSD-2012-2186

VAR-201208-0619

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature