CVE-2014-8417
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
24/11/2014
Last modified:
12/04/2025
Description
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
Impact
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* | 11.0.0 (including) | 11.14.1 (excluding) |
| cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* | 12.0.0 (including) | 12.7.1 (excluding) |
| cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* | 13.0.0 (including) | 13.0.1 (excluding) |
| cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page