Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2012-2186
Last Modified: 18 Apr 2013 11:21:20
Published: 31 Aug 2012 10:55:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-2186

Summary

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.

Vulnerable Systems

Application

  • Asterisk Business Edition C.3.0

  • Asterisk Business Edition C.3.7.5

  • Asterisk Digiumphones 10.7.0

  • Asterisk Open Source 1.8.0

  • Asterisk Open Source 1.8.1

  • Asterisk Open Source 1.8.1.1

  • Asterisk Open Source 1.8.1.2

  • Asterisk Open Source 1.8.10.0

  • Asterisk Open Source 1.8.10.1

  • Asterisk Open Source 1.8.11.0

  • Asterisk Open Source 1.8.11.1

  • Asterisk Open Source 1.8.12

  • Asterisk Open Source 1.8.12.0

  • Asterisk Open Source 1.8.15.0

  • Asterisk Open Source 1.8.2

  • Asterisk Open Source 1.8.2.1

  • Asterisk Open Source 1.8.2.2

  • Asterisk Open Source 1.8.2.3

  • Asterisk Open Source 1.8.2.4

  • Asterisk Open Source 1.8.3

  • Asterisk Open Source 1.8.3.1

  • Asterisk Open Source 1.8.3.2

  • Asterisk Open Source 1.8.3.3

  • Asterisk Open Source 1.8.4

  • Asterisk Open Source 1.8.4.1

  • Asterisk Open Source 1.8.4.2

  • Asterisk Open Source 1.8.4.3

  • Asterisk Open Source 1.8.4.4

  • Asterisk Open Source 1.8.5

  • Asterisk Open Source 1.8.5.0

  • Asterisk Open Source 1.8.6.0

  • Asterisk Open Source 1.8.7

  • Asterisk Open Source 1.8.7.0

  • Asterisk Open Source 1.8.7.1

  • Asterisk Open Source 1.8.7.2

  • Asterisk Open Source 1.8.8.0

  • Asterisk Open Source 1.8.8.1

  • Asterisk Open Source 1.8.8.2

  • Asterisk Open Source 1.8.9.0

  • Asterisk Open Source 1.8.9.1

  • Asterisk Open Source 1.8.9.2

  • Asterisk Open Source 1.8.9.3

  • Asterisk Open Source 10.0.0

  • Asterisk Open Source 10.0.1

  • Asterisk Open Source 10.1.0

  • Asterisk Open Source 10.1.1

  • Asterisk Open Source 10.1.2

  • Asterisk Open Source 10.1.3

  • Asterisk Open Source 10.2.0

  • Asterisk Open Source 10.2.1

  • Asterisk Open Source 10.3

  • Asterisk Open Source 10.3.0

  • Asterisk Open Source 10.3.1

  • Asterisk Open Source 10.4.0

  • Asterisk Open Source 10.7.0

  • Certified Asterisk 1.8.11


References

CONFIRM - http://downloads.asterisk.org/pub/security/AST-2012-012.html

DEBIAN - DSA-2550

SECTRACK - 1027460

SECUNIA - 50756

SECUNIA - 50687


Last Updated: 27 May 2016 11:00:25