← Back

CVE-2014-8417

nvd nist
Published: Nov 24, 2014Modified: May 6, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.

Affected (11)

Digium
2 products
Asterisk
Certified Asterisk
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
From 11.0.0 to 11.14.1
Asterisk
From 12.0.0 to 12.7.1
Asterisk
From 13.0.0 to 13.0.1
Configuration B
8 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Certified Asterisk
Version 11.6.0
Certified Asterisk
Version 11.6 cert1
Certified Asterisk
Version 11.6 cert2
Certified Asterisk
Version 11.6 cert3
Certified Asterisk
Version 11.6 cert4
Certified Asterisk
Version 11.6 cert5
Certified Asterisk
Version 11.6 cert6
Certified Asterisk
Version 11.6 cert7

Related CWEs

CWE-264
CWE-264

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.