Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2010-0685
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- None
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:* | No | - | - | |
cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:* | No | - | - | |
cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:* |
Yes
|
- | - |
References
- http://secunia.com/advisories/38641
- http://www.securitytracker.com/id?1023637
- http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt
- http://downloads.digium.com/pub/security/AST-2010-002.html
- http://www.vupen.com/english/advisories/2010/0439
- http://secunia.com/advisories/39096
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56397
- http://www.securityfocus.com/archive/1/509608/100/0/threaded