4.3
CVE-2010-1224
- EPSS 3.55%
- Veröffentlicht 01.04.2010 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:17:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.55% | 0.878 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
http://secunia.com/advisories/39096
http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2010-003.html
http://osvdb.org/62588
http://secunia.com/advisories/38752
http://www.securityfocus.com/archive/1/509757/100/0/threaded
http://www.securityfocus.com/bid/38424
http://www.vupen.com/english/advisories/2010/0475
https://exchange.xforce.ibmcloud.com/vulnerabilities/56552