CVE-2014-8412

Published: Nov 24, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

Affected (15)

Products: Digium: Certified Asterisk, Asterisk

Digium

2 products

Certified Asterisk

Asterisk

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Digium Certified Asterisk	Version 1.8.28.0
Digium Certified Asterisk	Version 1.8.28 cert1
Digium Certified Asterisk	Version 1.8.28 cert2
Digium Certified Asterisk	Version 11.6.0
Digium Certified Asterisk	Version 11.6 cert1
Digium Certified Asterisk	Version 11.6 cert2
Digium Certified Asterisk	Version 11.6 cert3
Digium Certified Asterisk	Version 11.6 cert4
Digium Certified Asterisk	Version 11.6 cert5
Digium Certified Asterisk	Version 11.6 cert6
Digium Certified Asterisk	Version 11.6 cert7

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Digium Asterisk	From 1.8.0 to 1.8.32.1
Digium Asterisk	From 11.0.0 to 11.14.1
Digium Asterisk	From 12.0.0 to 12.7.1
Digium Asterisk	From 13.0.0 to 13.0.1

Related CWEs

CWE-264

References (2)

http://downloads.asterisk.org/pub/security/AST-2014-012.html

Source: cve@mitre.org

Vendor Advisory

http://downloads.asterisk.org/pub/security/AST-2014-012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.