Search criteria
8 vulnerabilities found for business_edition by asterisk
FKIE_CVE-2013-2264
Vulnerability from fkie_nvd - Published: 2013-04-01 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41CA6DD3-FD39-482B-83AA-FE24055E9B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C28AB9A1-54B6-4C9A-8E4C-52A3BF147DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28E4852C-4444-40BB-8DBB-51EC97D6BD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "602E20C8-9DFF-4D11-8F1E-F7E943E8FE30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC5CE37E-7BAC-45D5-AD09-8823D893627C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B38DE1B4-44CF-4199-B739-5880F6492216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B25558F4-2DF6-4C00-969F-67F7C2A05668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8EFFEF57-8097-42B1-AC4F-20CEFAC4AFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6DFF8BD7-7287-40B2-8BAC-46C85440882D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00C94601-5C7E-4B9B-A8C9-A78C7E529864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1926E877-9EA2-457B-B501-6E07760B38A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "604956F2-5FE8-4D0A-A5EF-20E6D0E89933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42D8445A-8F8D-47D3-BBE4-687BD00D2E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9DF848-DEFC-4F1C-81BF-BFD2E142565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BBB8E443-4A8D-405D-AF18-D56EE3D3AB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5BAE4B32-F771-4DEA-9665-C862F3BA38B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21E8BAFB-6973-48DE-9835-93464882712A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "57BF8BF0-DAD0-472B-9A13-34633F2BED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "06E40764-4AFD-4DAA-BC96-46881EB55F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "412E6FAF-60A4-44DF-A1E5-BFBB127367B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBFEE9B-B3D5-4659-A833-03804A010474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F127574-4C2A-4D0D-9601-B369C9E75BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A58518-4619-4B6C-A01E-875E7A02B563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A56402C5-9408-4A7C-A6BF-DF1707EE19F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "145FF5F2-E4DC-42AD-B320-A9A82D517073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "217B4501-AEBA-4417-87D8-0C18779F16F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3784F3AC-0A54-4453-85C9-33C5AF05564E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39900193-C2F2-424E-95A9-B7EF637A3F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "589B3B1E-5BCB-4BA3-B4A6-CD9FAF8AD05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0B5C6294-7BB5-4749-8F90-7AB3786696F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2D3320-3A6E-4756-9314-78E5027CDD88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C33423-6093-4DC9-BCFF-77003776373E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC59D23-316D-43FC-9BA9-67E8BDAF5F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59556035-E04B-4350-BD3B-A3935C28C6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F73501-BE0D-4130-8077-D5D853E91F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C72C50B-12C1-4A1C-B51F-F66244C18CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6D3A3D9A-9F63-44FD-BF14-2DC3AE8C0D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56C40572-5FBE-4A39-AF3D-A335873BF660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "844232F0-D524-44E0-B420-2992BC0FED11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D73A9C29-4270-4126-9D6B-3780F6F3D7D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A402F4F2-73BC-49B1-B5DD-9231F090BFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "410D67F4-C941-4CBE-8D82-673217EE7FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45244F02-B71A-4692-BDAD-34C37ACAB676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA73D5CD-0BBC-42EF-9693-265A0566E789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0574B440-5004-4F47-B657-1672E9092A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88E1F128-276F-4883-A93C-D5C7282925DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5392F1-57AC-4208-9646-42098CCEF80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D11D64C-6E1F-4014-88D2-F5FB61D66C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "036281DD-6F0A-4810-A1D3-952077896808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2749712C-929A-43F4-B58A-F9F777DBD84D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92AD9878-F87D-43AC-BE2B-514977F5A182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1A9089A8-55D4-4992-BAC0-FE5BE3E2F472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F33E93C3-D4A3-4A38-84E1-0D3CB8915418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A1EE57-D8ED-4A2E-BE71-043E06EA4F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BC400500-F1CF-4D13-A18E-25B5EE70F3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A215C07A-6E8C-4EEB-AD94-68A75BE7DB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F9764E3-DA33-4A31-97C7-E523D6DE6124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "703FBE7B-CAD4-43B4-920D-DFC28CFFB7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00750678-5A5E-4A75-A405-3D42E1CB147A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "31228737-2F7E-434A-B4FE-E1C9BB71D893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A84F1317-E44E-4CD4-8979-DC335AD8B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D358E8-6399-4568-9ECC-CA084B80129C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DC34227-26A7-44C1-B5CB-C7328134316B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E2E2701A-489E-4A9C-9E5C-01661E599BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D13892E-0D45-438B-A126-439335B47C90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D8EF3-6BA5-4C60-8130-DF62A9592CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1B00830D-18F2-4A68-926A-2FD397674F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3C2E04B4-C70D-40AE-AEA5-0D39304F6C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C86349C-EBD4-4857-9B4B-7A608F32BBCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7E88AC6C-50F6-486D-B0D0-97477FCD520D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "171B2532-F5D2-4C3C-9C23-405839F590BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5923D0-F168-404B-9190-871D52D74DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50617F5A-5BAE-4C4A-975A-B23E9171ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE09B558-576C-461C-8089-8EE59F168ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "83DEBCA4-F4CC-4E78-A80F-C673105FA868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3720E8-67C2-492D-9DBA-6ED9085CB01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28E2C7E4-226C-4420-856D-E420633E301F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA3CDE0-AAE5-48A4-98C3-767CCCC3C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B73137F-79EA-48DD-B29E-41DB8C20711B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F185B3E-9594-4AFD-B16B-6C82A03B93B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3740427-BBC9-4D76-9F54-C13AF097CD05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "E6025382-31C8-4227-B44F-856FD014B283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc1:*:*:*:*:*",
"matchCriteriaId": "0DAEE2C6-008C-476D-8464-3C616E5CA805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc2:*:*:*:*:*",
"matchCriteriaId": "688A1BA8-A195-41E9-812D-F4400EFA5B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc3:*:*:*:*:*",
"matchCriteriaId": "177A2158-B36D-4B6D-9FEA-2DF32830AE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A84E1FF-10CB-45AA-B2EC-6FB6E78C6D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83726255-3A94-49A7-A43F-414CA0A814FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:business_edition:c.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72528F09-D212-4CE8-A2B7-7A6CFCB9A199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:business_edition:c.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC99E3-65A4-4BD4-9421-49F9E6D828A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:business_edition:c.3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9FB6BA-1281-4097-8A70-62B691468C63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0188A765-4376-4EDC-8070-74B6882253B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "98F95DCC-6B40-42D6-BDA4-8BBE5C4AB4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "28051F65-0862-438F-B4D6-1F7F1B93A76F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "344BE33A-2345-48C4-91EB-58C4EC2499B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C38C7220-D25C-4399-A414-0541A44DCD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E69A7B6F-1D33-471D-80B2-37D30817FD7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA77C-2D86-4815-905F-78B9B55B4790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D4C5D9FD-24AD-4C73-ACA3-924AA2D4C041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "039D01BB-9B67-467B-9E5D-89208C4F9595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87B7DFEB-9DDF-4DE7-A295-869F810FD5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C0C0F3B5-97EF-4806-AD51-DD201F35F44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08D0CC7-7339-4468-9CC6-7007D859160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ACAF81C5-D3B2-4D7E-BD1F-2FFCEDE3E2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3146A017-A6A5-4C3D-8138-EBE552A99F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEECF41-6AFA-4067-ADB4-EA53A6C77740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "271F0ACA-F4F5-4FD9-8F39-56722EE40D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AEAF9BED-896B-4E0D-AE2A-65ADA2B96876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32A45F41-BA2A-4878-82BA-2C1EE3301708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AAEBB11B-AC3A-46C2-94F6-7B68994E47C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "28A8C554-04E9-4A86-B2CA-12B19BF5BD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CC2E7D4E-2713-4F50-A646-8643FA31C74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "295AE899-CE46-4904-AA88-F05D857D50F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC070B60-E90E-432F-AF02-5BCD6CFA8902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E6FE1237-4974-4F87-BB44-1608D5879856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14248FC6-A833-4918-AC6D-94DC75E28D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0FA03327-13B9-488D-A1D7-59AB07926B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2CC53629-1F20-4B22-9465-63250F917007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62F912BF-1512-45E8-9035-750F083D60B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "540F8042-4B26-4078-ACE7-DBAC45D4FA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC68FD-F05E-4821-BAA1-5A871C8C39AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6093D29F-64F8-4E3E-B6C4-646D0D6A6B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9424B04A-6262-4E31-BFD3-F5849EF32771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39147BA2-6F85-4E88-A896-B5F5C571A835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A54E95F9-2CFC-43C6-AF6B-44ABC5555C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FB53F9D1-14EC-4B00-9A72-E086D2EB27F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4C48AD83-84B9-4A92-8C88-FC4F966644DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39202DF6-359E-4A62-98B4-D42A5F899717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C7134E96-F5EF-4E87-9B11-DAA2A1D90761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2A761C15-53E2-4BDC-AF7B-86BCB7F10466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C3288F41-D446-4899-9AC7-60EB72145ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44027DC7-1BD6-4F17-AD4F-6D6457B779FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "170DEF44-9D18-4C9E-919F-5B7CC2C7D727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1674C43B-51DE-484C-8B87-CF3256589BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEFB68A-9C07-468F-A118-315D8DB21897",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
},
{
"lang": "es",
"value": "El controlador del canal SIP en Asterisk Open Source v1.8.x antes de v1.8.20.2, v10.x antes v10.12.2 y v11.2.2 anterior a v11.x; Certified Asterisk v1.8.15 antes v1.8.15-cert2, Asterisk Business Edition (BE) vC.3.x antes vC.3.8.1 y Digiumphones Asterisk 10.x-digiumphones antes v10.12.2-digiumphones muestra un comportamiento diferente para transacciones INVITE, SUBSCRIBE y REGISTER inv\u00e1lidas en funci\u00f3n de si la cuenta de usuario existe, lo que permite a atacantes remotos para enumerar los nombres de cuenta de (1) los c\u00f3digos de estado HTTP de lectura, (2) la lectura de un texto adicional en un 403 (tambi\u00e9n conocido como Forbidden) respuesta, o (3) observando si se producen ciertas retransmisiones."
}
],
"id": "CVE-2013-2264",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-01T16:55:03.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2186
Vulnerability from fkie_nvd - Published: 2012-08-31 14:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E21DF0C9-16E4-44B0-8749-85F7F245A87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA9DBB3-1008-4CC8-B81B-991F286A6C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48300C6F-FAF2-4F0A-959F-4B1801AE7D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA237F1-0378-4B8C-9981-B3B47BCB3C50",
"versionEndIncluding": "1.8.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB76519-FD6D-4D74-8DF7-719822588C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C33423-6093-4DC9-BCFF-77003776373E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6558058-33DA-43F1-9690-5DA11D5CC713",
"versionEndIncluding": "10.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:*:cert5:*:*:*:*:*:*",
"matchCriteriaId": "345918B8-ABB8-4E60-A3AD-C006AD24FEC4",
"versionEndIncluding": "1.8.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "4889B1B5-5160-476E-A1C0-BEAE63C85CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "62867AEF-D685-4B1F-8AB9-D1CCAC559821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7C792E2-FBBA-4F1D-8842-5E47B4365FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "B14F1E15-52B4-4947-83EA-85D535FFB55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "02461B94-32BA-487E-9E9E-D9B5AAAFF602",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7438E927-F320-4E40-AE4E-F571483A5D2F",
"versionEndIncluding": "10.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:business_edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94539528-4DD3-4BB6-BFFE-920A3937A665",
"versionEndIncluding": "c.3.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:business_edition:c.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17D78AA8-AF67-4343-A9B0-EFC63D8CC4BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en main/manager.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-8.1.11 antes de cert6, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n aprovech\u00e1ndose de los privilegios de origen y proporcionando un valor ExternalIVR en una acci\u00f3n IAM Originate.\r\n"
}
],
"id": "CVE-2012-2186",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-31T14:55:00.950",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id?1027460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027460"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-2264 (GCVE-0-2013-2264)
Vulnerability from cvelistv5 – Published: 2013-03-29 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-21013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2264",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-02-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:38:10.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2186 (GCVE-0-2012-2186)
Vulnerability from cvelistv5 – Published: 2012-08-31 14:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2186",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2726 (GCVE-0-2009-2726)
Vulnerability from cvelistv5 – Published: 2009-08-12 10:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://labs.mudynamics.com/advisories/MU-200908-01.txt",
"refsource": "MISC",
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2726",
"datePublished": "2009-08-12T10:00:00",
"dateReserved": "2009-08-10T00:00:00",
"dateUpdated": "2024-08-07T05:59:57.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2264 (GCVE-0-2013-2264)
Vulnerability from nvd – Published: 2013-03-29 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-21013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2264",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-02-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:38:10.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2186 (GCVE-0-2012-2186)
Vulnerability from nvd – Published: 2012-08-31 14:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2186",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2726 (GCVE-0-2009-2726)
Vulnerability from nvd – Published: 2009-08-12 10:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://labs.mudynamics.com/advisories/MU-200908-01.txt",
"refsource": "MISC",
"url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
},
{
"name": "ADV-2009-2229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2229"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
},
{
"name": "36015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36015"
},
{
"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
},
{
"name": "1022705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022705"
},
{
"name": "36227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2726",
"datePublished": "2009-08-12T10:00:00",
"dateReserved": "2009-08-10T00:00:00",
"dateUpdated": "2024-08-07T05:59:57.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}