Digium Asterisk GUI up to 2.1.0 os command injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Digium Asterisk GUI up to 2.1.0 (Communications System) and classified as critical. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082001601/14/2021VulD...cvss2_nvd_basescore9.0nist.gov01/14/2021accepted90
1082001501/14/2021VulD...person_nameDavy Douhinesecurityfocus.com01/14/2021accepted70
713942111/19/2019VulD...securityfocus_classInput Validation Errorsecurityfocus.com11/19/2019accepted100
713942011/19/2019VulD...securityfocus_date1505952000 (09/21/2017)securityfocus.com11/19/2019accepted100
713937511/19/2019VulD...discoverydate150595200011/19/2019accepted100
713943109/26/2017VulD...cvss3_nvd_basescore8.8nist.gov09/26/2017accepted90
713943009/26/2017VulD...0day_days409/26/2017accepted90
713942909/26/2017VulD...cvss3_vuldb_rcX09/26/2017accepted90
713942809/26/2017VulD...cvss3_vuldb_rlX09/26/2017accepted90
713942709/26/2017VulD...cvss3_vuldb_eX09/26/2017accepted90
713942609/26/2017VulD...cvss2_vuldb_rcND09/26/2017accepted90
713942509/26/2017VulD...cvss2_vuldb_rlND09/26/2017accepted90
713942409/26/2017VulD...cvss2_vuldb_eND09/26/2017accepted90
713942309/26/2017VulD...locationWebsite09/26/2017accepted90
713942209/26/2017VulD...securityfocus_titleDigium Asterisk GUI CVE-2017-14001 OS Command Injection Vulnerabilitysecurityfocus.com09/26/2017accepted100
713941909/26/2017VulD...securityfocus100950securityfocus.com09/26/2017accepted100
713941809/26/2017VulD...cve_nvd_summaryAn Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.mitre.org09/26/2017accepted100
713941709/26/2017VulD...cve_nvd_published1506297600mitre.org09/26/2017accepted100
713941609/26/2017VulD...cve_assigned1504051200mitre.org09/26/2017accepted100
713941509/26/2017VulD...cveCVE-2017-14001mitre.org09/26/2017accepted100

Do you need the next level of professionalism?

Upgrade your account now!