fkie_cve-2012-2414
Vulnerability from fkie_nvd
Published
2012-04-30 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1442DC6C-2248-41E7-BDB4-084B123A6B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F1A4AAE7-00D5-490B-AA19-A42508ECBC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DC64764B-C531-419C-8BB8-30C5F63C7EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "7A5F9E61-B614-4C47-82AC-D16B457C266C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "20FE8D05-A577-4EEC-ABBA-8051582975F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "4A216714-9F2B-45D7-B2A7-1F67751EA967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "42417475-610C-4A81-8B02-794640F8DDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5A259435-BBB8-453B-82D3-2E4EE3BD9371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5834D5D3-F6FD-44C0-B7C1-34D715141A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F894080-DE73-4005-B2FE-E431F38D7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F70BA9D-6EDA-4859-90D1-EB69B48C2B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "33428429-33B5-4312-97E3-9A4B8A8F4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6E2126-B737-4C88-A66A-B88CB16476D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E6992A-73EB-401D-A905-D53313F28727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "31C3345E-4260-4636-83DB-887F0733D7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "95C61533-C030-4B97-A94C-E44315BB6FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "91D670A7-2D38-4C50-96C2-3F3CA0F43515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39C637DF-5963-4C7C-8EF1-9A44E94AFE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8452C108-EF47-4C57-A505-D5B5AD5B1C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "40411DE4-CBDB-40D2-95A2-800EB554D1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "519DF434-8CF5-4F5E-80EF-4BBDA94DCD0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DD7471-1DA5-44EC-BD21-B0E0BFC58B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9520C54-8FD9-45FC-B64F-4E06D7E3E66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9226B072-E5CF-40F7-B48D-8982054D1D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AC3B7AB5-FDC5-4175-B519-F749BE62AF65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7CA9765-F31C-41CF-9911-02E4309715E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A7A94C77-0762-45E8-9869-98D0E5F164E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0D2EE6-EDB9-4A0C-B31E-0B941DB912D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FDC7A9FA-5424-4A04-94D2-079FAF09BD4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "952F6925-EE1F-49EC-84A6-53A1A375FDF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "83E972B3-9787-47C9-9420-C66AE9C48CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F90ABE6-6B41-49BD-84BA-69A7BFEC23E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C76827E-FA7E-42D3-A8E0-12566B461AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C35260-7A25-4259-B158-D5F825DB881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16F66401-3A90-440F-88FD-C738806D168F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E323B610-AC45-4D24-87B9-0092AA9EFF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA54B75D-08C0-4182-8345-266240396A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7B9A8A55-2D6B-4434-BBD1-C7D80D0132C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDA8DC8-7299-4DC5-9426-524F6EEF75F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37C926F8-EC9F-49DD-8490-621843D41946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4795C86-CC4A-462A-B87A-FD32EA2889C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C03CED60-D582-493B-8D7C-FB3CB81D3647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8FFBAFC0-B9C6-40F3-B7EF-DE6F23F8D644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35358757-6A14-48A0-BE40-B05F9A7451A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9B2CD0-0C61-4C9C-8B42-EA64D22BBE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "13D262E7-7A67-4622-8416-748519C80CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0DCFB72-505A-486E-A096-87AB639F4710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C44F91FC-DC0C-4BB9-9FD0-1C7AAEA3D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0316776E-CD3B-4DEF-ABCA-5806A398E327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E83FA56-DC43-4E3F-B9EB-136DE64E78A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5646D4C3-8491-4735-97A6-26688523512F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90F7E035-9464-4921-8859-5854D47347B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE2F8D1-EC83-4CD8-A565-F59DCEC71120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4B763606-23A8-4159-9ECF-0766B13E8200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56E892-06D2-496A-ADFD-CBEC70DA1E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF01FF3C-5BA1-4758-97B4-633A20AB4C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7A201AA6-B612-476C-9555-870B58FE3169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7889CE9-E2AB-4590-B447-ACCB21CB8E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "981A63D1-B6E2-4A38-8FB6-883E08BCE12F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF33946-9E1F-4992-BA76-46227BDC1885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB9FF6-100C-4643-9E34-9EC43F214C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4A30A7DF-2754-4C03-92F7-0028613C7165",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
},
{
"lang": "es",
"value": "main/manager.c en el Manager Interface en Asterisk Open source v1.6.2.x anterior a v1.6.2.24, v1.8.x anterior a v1.8.11.1, y v10.x anterior a v10.3.1 y Asterisk Business Edition C.3.x anterior a C .3.7.4 no asegura adecuadamente los requisitos de autorizaci\u00f3n de la clase System, permitiendo a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) la acci\u00f3n origen en la aplicaci\u00f3n MixMonitor, (2) la SHELL y funciones EVAL en el gestor de acci\u00f3n GetVar, o (3) la SHELL y funciones EVAL en el gestor de acci\u00f3n Status."
}
],
"id": "CVE-2012-2414",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-04-30T20:55:02.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81454"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48941"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53206"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1026961"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…