CVE-2014-8412

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allow remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the same address family as the first ACL entry.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| mitre | CNA | --- | --- |
| CVE | ADP | --- | --- |

EPSS Score
Percentile: 55%

| Vendor | Product | Version |
|---|---|---|
| digium | certified_asterisk | 1.8.28:cert1 |
| digium | certified_asterisk | 1.8.28:cert2 |
| digium | certified_asterisk | 1.8.28.0 |
| digium | certified_asterisk | 11.6:cert1 |
| digium | certified_asterisk | 11.6:cert2 |
| digium | certified_asterisk | 11.6:cert3 |
| digium | certified_asterisk | 11.6:cert4 |
| digium | certified_asterisk | 11.6:cert5 |
| digium | certified_asterisk | 11.6:cert6 |
| digium | certified_asterisk | 11.6:cert7 |
| digium | certified_asterisk | 11.6.0 |
| digium | asterisk | 1.8.0 ≤ 𝑥 < 1.8.32.1 |
| digium | asterisk | 11.0.0 ≤ 𝑥 < 11.14.1 |
| digium | asterisk | 12.0.0 ≤ 𝑥 < 12.7.1 |
| digium | asterisk | 13.0.0 ≤ 𝑥 < 13.0.1 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| asterisk | bullseye | 1:16.28.0~dfsg-0+deb11u4 | fixed |
| asterisk | bullseye (security) | 1:16.28.0~dfsg-0+deb11u5 | fixed |
| asterisk | sid | 1:22.0.0~dfsg+~cs6.14.60671435-1 | fixed |

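Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| asterisk | disco | not-affected |
| asterisk | cosmic | not-affected |
| asterisk | bionic | not-affected |
| asterisk | artful | not-affected |
| asterisk | zesty | not-affected |
| asterisk | yakkety | not-affected |
| asterisk | xenial | not-affected |
| asterisk | wily | not-affected |
| asterisk | vivid | not-affected |
| asterisk | utopic | ignored |
| asterisk | trusty | dne |
| asterisk | precise | ignored |
| asterisk | lucid | ignored |
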
Common Weakness Enumeration