CVE-2014-8413

EUVD-2014-8250
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS Score
Percentile: 55%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| digium | asterisk | 12.0.0 ≤ 𝑥 < 12.7.1 |
| digium | asterisk | 13.0.0 ≤ 𝑥 < 13.0.1 |

𝑥 = Vulnerable software versions
Debian Releases
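| Debian Product | Codename | Version | Status |
|---|---|---|---|
| asterisk | bullseye | 1:16.28.0~dfsg-0+deb11u4 | fixed |
| asterisk | bullseye (security) | 1:16.28.0~dfsg-0+deb11u5 | fixed |
| asterisk | jessie | | not-affected |
| asterisk | sid | 1:22.0.0~dfsg+~cs6.14.60671435-1 | fixed |
| asterisk | squeeze | | not-affected |
| asterisk | wheezy | | not-affected |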
Ubuntu Releases
| Ubuntu Product | Codename | Status |
|---|---|---|
| asterisk | lucid | ignored |
| asterisk | precise | not-affected |
| asterisk | trusty | dne |
| asterisk | utopic | not-affected |
Common Weakness Enumeration