CVE-2012-2414

EPSS 4.28%
Veröffentlicht 30.04.2012 20:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asterisk ≫ Open Source Version1.6.2.0

Asterisk ≫ Open Source Version1.6.2.0 Updaterc2

Asterisk ≫ Open Source Version1.6.2.0 Updaterc3

Asterisk ≫ Open Source Version1.6.2.0 Updaterc4

Asterisk ≫ Open Source Version1.6.2.0 Updaterc5

Asterisk ≫ Open Source Version1.6.2.0 Updaterc6

Asterisk ≫ Open Source Version1.6.2.0 Updaterc7

Asterisk ≫ Open Source Version1.6.2.0 Updaterc8

Asterisk ≫ Open Source Version1.6.2.1

Asterisk ≫ Open Source Version1.6.2.1 Updaterc1

Asterisk ≫ Open Source Version1.6.2.2

Asterisk ≫ Open Source Version1.6.2.3 Updaterc2

Asterisk ≫ Open Source Version1.6.2.4

Asterisk ≫ Open Source Version1.6.2.5

Asterisk ≫ Open Source Version1.6.2.6

Asterisk ≫ Open Source Version1.6.2.6 Updaterc1

Asterisk ≫ Open Source Version1.6.2.6 Updaterc2

Asterisk ≫ Open Source Version1.6.2.7

Asterisk ≫ Open Source Version1.6.2.7 Updaterc1

Asterisk ≫ Open Source Version1.6.2.7 Updaterc2

Asterisk ≫ Open Source Version1.6.2.7 Updaterc3

Asterisk ≫ Open Source Version1.6.2.8

Asterisk ≫ Open Source Version1.6.2.8 Updaterc1

Asterisk ≫ Open Source Version1.6.2.9

Asterisk ≫ Open Source Version1.6.2.9 Updaterc1

Asterisk ≫ Open Source Version1.6.2.9 Updaterc2

Asterisk ≫ Open Source Version1.6.2.9 Updaterc3

Asterisk ≫ Open Source Version1.6.2.10

Asterisk ≫ Open Source Version1.6.2.10 Updaterc1

Asterisk ≫ Open Source Version1.6.2.10 Updaterc2

Asterisk ≫ Open Source Version1.6.2.11

Asterisk ≫ Open Source Version1.6.2.11 Updaterc1

Asterisk ≫ Open Source Version1.6.2.11 Updaterc2

Asterisk ≫ Open Source Version1.6.2.12

Asterisk ≫ Open Source Version1.6.2.12 Updaterc1

Asterisk ≫ Open Source Version1.6.2.13

Asterisk ≫ Open Source Version1.6.2.14

Asterisk ≫ Open Source Version1.6.2.14 Updaterc1

Asterisk ≫ Open Source Version1.6.2.15

Asterisk ≫ Open Source Version1.6.2.15 Updaterc1

Asterisk ≫ Open Source Version1.6.2.15.1

Asterisk ≫ Open Source Version1.6.2.16

Asterisk ≫ Open Source Version1.6.2.16 Updaterc1

Asterisk ≫ Open Source Version1.6.2.16.1

Asterisk ≫ Open Source Version1.6.2.16.2

Asterisk ≫ Open Source Version1.6.2.17

Asterisk ≫ Open Source Version1.6.2.17 Updaterc1

Asterisk ≫ Open Source Version1.6.2.17 Updaterc2

Asterisk ≫ Open Source Version1.6.2.17 Updaterc3

Asterisk ≫ Open Source Version1.6.2.17.1

Asterisk ≫ Open Source Version1.6.2.17.2

Asterisk ≫ Open Source Version1.6.2.17.3

Asterisk ≫ Open Source Version1.6.2.18

Asterisk ≫ Open Source Version1.6.2.18 Updaterc1

Asterisk ≫ Open Source Version1.6.2.18.1

Asterisk ≫ Open Source Version1.6.2.18.2

Asterisk ≫ Open Source Version1.6.2.19

Asterisk ≫ Open Source Version1.6.2.19 Updaterc1

Asterisk ≫ Open Source Version1.6.2.20

Asterisk ≫ Open Source Version1.6.2.21

Asterisk ≫ Open Source Version1.6.2.22

Asterisk ≫ Open Source Version1.6.2.23

Asterisk ≫ Open Source Version1.8.0

Asterisk ≫ Open Source Version1.8.0 Updatebeta1

Asterisk ≫ Open Source Version1.8.0 Updatebeta2

Asterisk ≫ Open Source Version1.8.0 Updatebeta3

Asterisk ≫ Open Source Version1.8.0 Updatebeta4

Asterisk ≫ Open Source Version1.8.0 Updatebeta5

Asterisk ≫ Open Source Version1.8.0 Updaterc2

Asterisk ≫ Open Source Version1.8.0 Updaterc3

Asterisk ≫ Open Source Version1.8.0 Updaterc4

Asterisk ≫ Open Source Version1.8.0 Updaterc5

Asterisk ≫ Open Source Version1.8.1

Asterisk ≫ Open Source Version1.8.1 Updaterc1

Asterisk ≫ Open Source Version1.8.1.1

Asterisk ≫ Open Source Version1.8.1.2

Asterisk ≫ Open Source Version1.8.2

Asterisk ≫ Open Source Version1.8.2 Updaterc1

Asterisk ≫ Open Source Version1.8.2.1

Asterisk ≫ Open Source Version1.8.2.2

Asterisk ≫ Open Source Version1.8.2.3

Asterisk ≫ Open Source Version1.8.2.4

Asterisk ≫ Open Source Version1.8.3

Asterisk ≫ Open Source Version1.8.3 Updaterc1

Asterisk ≫ Open Source Version1.8.3 Updaterc2

Asterisk ≫ Open Source Version1.8.3 Updaterc3

Asterisk ≫ Open Source Version1.8.3.1

Asterisk ≫ Open Source Version1.8.3.2

Asterisk ≫ Open Source Version1.8.3.3

Asterisk ≫ Open Source Version1.8.4

Asterisk ≫ Open Source Version1.8.4 Updaterc1

Asterisk ≫ Open Source Version1.8.4 Updaterc2

Asterisk ≫ Open Source Version1.8.4 Updaterc3

Asterisk ≫ Open Source Version1.8.4.1

Asterisk ≫ Open Source Version1.8.4.2

Asterisk ≫ Open Source Version1.8.4.3

Asterisk ≫ Open Source Version1.8.4.4

Asterisk ≫ Open Source Version1.8.5 Updaterc1

Asterisk ≫ Open Source Version1.8.5.0

Asterisk ≫ Open Source Version1.8.6.0

Asterisk ≫ Open Source Version1.8.6.0 Updaterc1

Asterisk ≫ Open Source Version1.8.6.0 Updaterc2

Asterisk ≫ Open Source Version1.8.6.0 Updaterc3

Asterisk ≫ Open Source Version1.8.7.0

Asterisk ≫ Open Source Version1.8.7.0 Updaterc1

Asterisk ≫ Open Source Version1.8.7.0 Updaterc2

Asterisk ≫ Open Source Version1.8.7.1

Asterisk ≫ Open Source Version1.8.7.2

Asterisk ≫ Open Source Version1.8.8.0

Asterisk ≫ Open Source Version1.8.8.0 Updaterc1

Asterisk ≫ Open Source Version1.8.8.0 Updaterc2

Asterisk ≫ Open Source Version1.8.8.0 Updaterc3

Asterisk ≫ Open Source Version1.8.8.0 Updaterc4

Asterisk ≫ Open Source Version1.8.8.0 Updaterc5

Asterisk ≫ Open Source Version1.8.8.1

Asterisk ≫ Open Source Version1.8.8.2

Asterisk ≫ Open Source Version1.8.9.0

Asterisk ≫ Open Source Version1.8.9.0 Updaterc1

Asterisk ≫ Open Source Version1.8.9.0 Updaterc2

Asterisk ≫ Open Source Version1.8.9.0 Updaterc3

Asterisk ≫ Open Source Version1.8.9.1

Asterisk ≫ Open Source Version1.8.9.2

Asterisk ≫ Open Source Version1.8.9.3

Asterisk ≫ Open Source Version1.8.10.0

Asterisk ≫ Open Source Version1.8.10.0 Updaterc1

Asterisk ≫ Open Source Version1.8.10.0 Updaterc2

Asterisk ≫ Open Source Version1.8.10.0 Updaterc3

Asterisk ≫ Open Source Version1.8.10.0 Updaterc4

Asterisk ≫ Open Source Version1.8.10.1

Asterisk ≫ Open Source Version1.8.11.0 Updaterc2

Asterisk ≫ Open Source Version1.8.11.0 Updaterc3

Asterisk ≫ Open Source Version10.0.0

Asterisk ≫ Open Source Version10.0.0 Updatebeta1

Asterisk ≫ Open Source Version10.0.0 Updatebeta2

Asterisk ≫ Open Source Version10.0.0 Updaterc1

Asterisk ≫ Open Source Version10.0.0 Updaterc2

Asterisk ≫ Open Source Version10.0.0 Updaterc3

Asterisk ≫ Open Source Version10.0.1

Asterisk ≫ Open Source Version10.1.0

Asterisk ≫ Open Source Version10.1.0 Updaterc1

Asterisk ≫ Open Source Version10.1.0 Updaterc2

Asterisk ≫ Open Source Version10.1.1

Asterisk ≫ Open Source Version10.1.2

Asterisk ≫ Open Source Version10.1.3

Asterisk ≫ Open Source Version10.2.0

Asterisk ≫ Open Source Version10.2.0 Updaterc1

Asterisk ≫ Open Source Version10.2.0 Updaterc2

Asterisk ≫ Open Source Version10.2.0 Updaterc3

Asterisk ≫ Open Source Version10.2.0 Updaterc4

Asterisk ≫ Open Source Version10.2.1

Asterisk ≫ Open Source Version10.3.0

Asterisk ≫ Open Source Version10.3.0 Updaterc2

Asterisk ≫ Open Source Version10.3.0 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.28%	0.877

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://downloads.asterisk.org/pub/security/AST-2012-004.html

Patch

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html

http://osvdb.org/81454

http://secunia.com/advisories/48891

http://secunia.com/advisories/48941

http://www.debian.org/security/2012/dsa-2460

http://www.securityfocus.com/bid/53206

http://www.securitytracker.com/id?1026961

https://exchange.xforce.ibmcloud.com/vulnerabilities/75100

https://nvd.nist.gov/vuln/detail/CVE-2012-2414

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2414

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2414

EUVD