Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2013-4468
Last Modified: 15 May 2014 09:16:33
Published: 14 May 2014 03:55:10
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2013-4468

Summary

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.

Vulnerable Systems

Application

  • Vicidial 2.7

  • Vicidial 2.8


References

MISC - https://adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/

MLIST - [oss-security] 20131024 Re: VICIDIAL 2.7 - SQL Injection, Command Injection

MLIST - [oss-security] 20131023 VICIDIAL 2.7 - SQL Injection, Command Injection

EXPLOIT-DB - 29513


Last Updated: 27 May 2016 10:50:04