cve-2010-0685
Vulnerability from cvelistv5
Published
2010-02-23 20:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38641"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38641"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt",
"refsource": "MISC",
"url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
},
{
"name": "39096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39096"
},
{
"name": "1023637",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023637"
},
{
"name": "FEDORA-2010-3724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
},
{
"name": "38641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38641"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2010-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
},
{
"name": "ADV-2010-0439",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0439"
},
{
"name": "asterisk-dial-weak-security(56397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0685",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-02-22T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-0685\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-02-23T20:30:00.780\",\"lastModified\":\"2024-11-21T01:12:44.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.\"},{\"lang\":\"es\",\"value\":\"El dise\u00f1o de la funcionalidad dialplan en Asterisk Open Source v1.2.x, v1.4.x, y v1.6.x; y Asterisk Business Edition vB.x.x y vC.x.x,cuando se utiliza la variable de canal $ (EXTEN) y coincidencias de patron comod\u00edn, permite a atacantes dependiendo del contexto, inyectar cadenas en dialplan utilizando metacaracteres que son inyectados cuando la variable es expandida, como se demuestra utilizando la aplicaci\u00f3n Dial en un proceso en el que el mensaje SIP INVITE esta manipulado el cual a\u00f1ade un canal de salida no previsto. NOTA: Podr\u00eda argumentarse que esto no es una vulnerabilidad en Asterisk, pero hay un tipo de vulnerabilidades que pueden producirse en cualquier programa que utilice esta caracter\u00edstica sin la funcionalidad de filtrado correspondiente que actualmente esta disponible.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39358795-09A6-44C6-B969-1560CEF40057\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C2DAB51-91ED-43D4-AEA9-7C4661089BAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A596A018-2FBC-4CEB-9910-756CC6598679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"14BDCF8E-0B68-430A-A463-EE40C1A9AD65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2CD93E-71A5-49EC-B986-5868C05553EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B66B213-4397-4435-8E48-8ED69AAE13D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55131A3D-C892-44EC-83D6-5888C57B11A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"E017DD53-B8EC-4EA2-BF59-18C075C5771D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B940EEC6-4451-42B9-A56D-BDB8801B3685\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE4AB19F-1338-466D-AAD8-584C79FED1AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C619138A-557F-419E-9832-D0FB0E9042C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6656EA0-4D4F-4251-A30F-48375C5CE3E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AAD9104-BA4A-478F-9B56-195E0F9A7DF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F06C361-D7DF-474B-A835-BA8886C11A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"175954A5-E712-41B8-BC11-4F999343063D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DF9E41E-8FE6-4396-A5D4-D4568600FE03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B43C508-91E3-49C9-86F0-3643D8F2B7F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4457486F-E9B4-46B8-A05D-3B32F8B639A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"0831E658-36AB-4A4B-9929-3DB6BE855A3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69417F54-D92F-46FB-9BFA-995211279C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4611BEA0-25EC-4705-A390-6DF678373FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53022458-F443-4402-AC52-FC3AE810E89E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"120B85AA-E9B8-4A4D-81CE-FD36CDB63074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"64D94742-7CA1-487B-90E8-5063FBF88925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12302460-5D3F-4045-9DBF-606562E03BDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"78546FDF-C843-4E48-ABEE-CC3514AA7C3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6EBC0B-9842-44D1-B9D6-EFB88BE22879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"052969F1-6758-46E8-9273-E0F872BD65BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"624A0F00-4629-4550-847F-F24CC93DFF2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"E473F645-F8B0-43FE-957B-F053427465DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FC9AAB-1FAD-4953-A2FC-D42E9687D27E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"460C9907-AA19-402A-85DE-D3CEA98B107B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD80F0D6-6B5B-41D3-AC41-F1643865088A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"734D5198-53C1-40D3-B5BF-D74FC71FD3BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"788DEF5E-8A99-463D-89DC-0CC032271554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0996D7A-9419-4897-A0AF-498AC3A2A81F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D670E6-47E5-4B40-9217-F97D5F39C3EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"94C23DB8-3C92-40FE-B8A6-ADF84D28510E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6CE7E4E-DA2D-4F03-A226-92965B40AE34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C59A947-457E-47EB-832E-3DA70CB52695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F74B56-B412-4AF1-AED0-C948AB6DC829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B50ADDB-D3C2-407D-8844-F93866E5F20C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4149B59-E773-4ED8-A71D-EB7D00808819\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A0408C3-0FA7-4A17-9451-C4D46CDA8F27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"1726090D-0C37-44A4-AD9B-7ED733B8702D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"54354E16-3238-43E8-BAA9-93CA7EB44D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6867EED4-FC3B-4B72-88A5-DED96C729FE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A0867FC-7161-433F-A416-D7207C8D4D36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97BE6B60-3276-4580-843B-743D0D71E3DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*\",\"matchCriteriaId\":\"36491B32-A405-4C5B-938F-9BEA50A8AF16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6141909B-EBC4-4726-AE9F-669C31257A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754A51AC-EF20-4736-ADDB-D2A70BCB79EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4600BB66-6DEB-444B-AF9E-BDD06CFD2876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE089E31-3521-4D12-B81C-B6E386AE1409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5E9888-16CD-4DB2-8889-CE4477559C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C29C9A2C-6435-444E-A20B-5881F3798B85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E77A2569-CFAE-498D-A633-803849CFECE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D16E88E6-42D0-400E-AF43-111B35CE11E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE15A42E-030B-48F0-9498-1755DAAEDFB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39511726-1202-4179-9708-4D3B28496768\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A9A4328-F274-4591-A386-943FD6608374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF11B38A-12D7-453A-870D-CDC2DE9313CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D69ACB7-CF9A-40B5-819E-58DA884D4E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E56DB29-571D-4615-B347-38CF4590E463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BC8D6D4-A389-4A78-8DA8-351A9CB896E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E979AC4-58EA-4297-9F90-350924BBE440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A58CCD3-4A0C-468B-85F2-59A52B7293A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3542DB91-8487-49D6-AA15-E8FD9D6B99D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"661D710E-79F0-4E98-B35B-ED0549D35C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F80CBCB-F58D-4BE7-8E78-67E04C900D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB61D32E-3400-480E-BD27-BA3F98F94427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687C67CB-46AF-40C2-8A02-081C7F78568A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"300F158E-ED27-46C8-85E4-AA0AA6B201DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB6F04C0-3226-4D2C-97A3-39999483C62C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30685A20-963A-48D4-B7D7-2C11C2C812AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C54C3AAC-4D5D-4661-86AB-6849982E8C67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2EFBC9E-4DCA-43CB-93EB-6807E2383A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98755B1B-CAD5-4AC5-8571-52E67C3A8274\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9D8C8FE-3D09-4F60-AD03-9D4439942141\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43F1849F-1230-45E7-B6A3-D6FC72EB0F11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4333904-9D21-4149-965F-F49F0A34BD85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B10AE4B-EC2D-4D5B-B842-50F5097A0650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCB18BE2-B073-429C-ABE7-B8305793DAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DBA63FE-62AF-4F3D-B30C-550D17C4E35F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5D425E6-E2E5-4452-9EAA-2697C1155784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E06848DE-6EE1-4FD0-A14F-39D41B2F3E75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8374B5D-DE7A-4C3C-A5FE-579B17006A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F8B700A-FACB-4BC8-9DF2-972DC63D852B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"D110DCEB-F2F9-4600-B49F-22952C71B785\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"3333A119-D92F-433C-BF5D-0037199256C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"19C44C33-EADA-48FD-A634-8066A003AFD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"294A2BA2-26EB-40AD-B861-7FA9043CD097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"4FAC61AF-BDF2-4397-A8F8-9D9155836E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"33DE61C2-8C6A-4CD3-8D56-E70C4356CD50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"EECB5F75-BCE2-4777-933E-25EB5657750C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"B5D51557-3E67-4C9A-9753-472D13FCA5C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"761DB3A3-1540-4976-AEB2-F8E45CCCC5E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"947F58B8-21AF-460B-8203-D2605A1F91D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*\",\"matchCriteriaId\":\"1C4E15BB-71AB-4936-9CA7-E844572A3953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*\",\"matchCriteriaId\":\"EE5823E1-5BFF-44E0-B8DD-4D994073DC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"E6C147EF-0C39-4979-A4F6-C0BE288F083F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"0C1A8352-DE70-4D4E-BC4D-8EABE5431646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"615D7356-E9DD-4149-B1BE-D3C3475A8841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"0628E34F-1A60-416D-A29C-EA28E8CC2430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"5F54511A-A2A9-4038-9D7D-2283A6709DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"3FA908BA-BEF8-44A5-AC95-E7CF020D0C94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*\",\"matchCriteriaId\":\"78E8936C-033B-49E6-BB39-D5BBBC80EB55\"}]}]}],\"references\":[{\"url\":\"http://downloads.digium.com/pub/security/AST-2010-002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38641\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39096\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/509608/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023637\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0439\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56397\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://downloads.digium.com/pub/security/AST-2010-002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/509608/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.