CVE-2014-8418

Published: Nov 24, 2014Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

Affected (19)

Products: Digium: Certified Asterisk, Asterisk

Digium

2 products

Certified Asterisk

Asterisk

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Digium Certified Asterisk	Version 1.8.28
Digium Certified Asterisk	Version 1.8.28 cert1-rc1
Digium Certified Asterisk	Version 1.8.28 cert1
Digium Certified Asterisk	Version 1.8.28 cert2
Digium Certified Asterisk	Version 1.8.28 cert2
Digium Certified Asterisk	Version 1.8.28 cert3
Digium Certified Asterisk	Version 1.8.28 cert4
Digium Certified Asterisk	Version 1.8.28 cert5
Digium Certified Asterisk	Version 11.6.0
Digium Certified Asterisk	Version 11.6 cert1
Digium Certified Asterisk	Version 11.6 cert2
Digium Certified Asterisk	Version 11.6 cert3
Digium Certified Asterisk	Version 11.6 cert4
Digium Certified Asterisk	Version 11.6 cert5
Digium Certified Asterisk	Version 11.6 cert6
Digium Certified Asterisk	Version 11.6 cert7

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Digium Asterisk	From 1.8.0 to 1.8.32.0
Digium Asterisk	From 11.0.0 to 11.14.1
Digium Asterisk	From 12.0.0 to 12.7.1

Related CWEs

CWE-264

References (2)

http://downloads.asterisk.org/pub/security/AST-2014-018.html

Source: cve@mitre.org

Vendor Advisory

http://downloads.asterisk.org/pub/security/AST-2014-018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.