ID CVE-2014-8414
Summary ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
References
Vulnerable Configurations
  • cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*
  • cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*
  • cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*
  • cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*
  • cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*
  • cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*
  • cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*
  • cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*
CVSS
Base: 5.0 (as of 30-12-2014 - 21:18)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm http://downloads.asterisk.org/pub/security/AST-2014-014.html
fulldisc 20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.
Last major update 30-12-2014 - 21:18
Published 24-11-2014 - 15:59
Last modified 30-12-2014 - 21:18