CVE-2014-8413

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
digiumasterisk
12.0.0 ≤
𝑥
< 12.7.1
digiumasterisk
13.0.0 ≤
𝑥
< 13.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
jessie
not-affected
wheezy
not-affected
squeeze
not-affected
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
utopic
not-affected
trusty
dne
precise
not-affected
lucid
ignored
Common Weakness Enumeration
References
http://downloads.asterisk.org/pub/security/AST-2014-013.html
http://downloads.asterisk.org/pub/security/AST-2014-013.html