Digium Asterisk GUI up to 2.1.0 privilege escalation


A vulnerability classified as critical has been found in Digium Asterisk GUI up to 2.1.0 (Communications System). An unknown function is affected by this vulnerability. There is no information about possible countermeasures. It is suggested to replace the product with an equivalent.

| Field | 2017-09-26 15:12 | 2019-11-19 16:30 | 2021-01-14 13:20 |
|---|---|---|---|
| type | Communications System | Communications System | Communications System |
| vendor | Digium | Digium | Digium |
| name | Asterisk GUI | Asterisk GUI | Asterisk GUI |
| version | <=2.1.0 | <=2.1.0 | <=2.1.0 |
| cwe | 78 (privilege escalation) | 78 (privilege escalation) | 78 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | S | S | S |
| cvss2_nvd_ci | C | C | C |
| cvss2_nvd_ii | C | C | C |
| cvss2_nvd_ai | C | C | C |
| cvss3_meta_basescore | 7.5 | 7.5 | 7.5 |
| cvss3_meta_tempscore | 7.5 | 7.5 | 7.5 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1506384000 (2017-09-26) | 1506384000 (2017-09-26) | 1506384000 (2017-09-26) |
| url | http://www.securityfocus.com/bid/100950 | http://www.securityfocus.com/bid/100950 | http://www.securityfocus.com/bid/100950 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2017-14001 | CVE-2017-14001 | CVE-2017-14001 |
| cve_assigned | 1504051200 | 1504051200 | 1504051200 |
| cve_nvd_published | 1506297600 | 1506297600 | 1506297600 |
| cve_nvd_summary | An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. | An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. | An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. |
| securityfocus | 100950 | 100950 | 100950 |
| securityfocus_title | Digium Asterisk GUI CVE-2017-14001 OS Command Injection Vulnerability | Digium Asterisk GUI CVE-2017-14001 OS Command Injection Vulnerability | Digium Asterisk GUI CVE-2017-14001 OS Command Injection Vulnerability |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 4 | 4 | 4 |
| cvss3_nvd_basescore | 8.8 | 8.8 | 8.8 |
| discoverydate | | 1505952000 | 1505952000 |
| securityfocus_date | | 1505952000 (2017-09-21) | 1505952000 (2017-09-21) |
| securityfocus_class | | Input Validation Error | Input Validation Error |
| person_name | | | Davy Douhine |
| cvss2_nvd_basescore | | | 9.0 |
