Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-2414 | First vendor Publication | 2012-04-30 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2414 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-08-30 | Name : Fedora Update for asterisk FEDORA-2012-6704 File : nvt/gb_fedora_2012_6704_asterisk_fc17.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-05 (Asterisk) File : nvt/glsa_201206_05.nasl |
| 2012-05-08 | Name : Fedora Update for asterisk FEDORA-2012-6724 File : nvt/gb_fedora_2012_6724_asterisk_fc15.nasl |
| 2012-05-04 | Name : Fedora Update for asterisk FEDORA-2012-6612 File : nvt/gb_fedora_2012_6612_asterisk_fc16.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2460-1 (asterisk) File : nvt/deb_2460_1.nasl |
| 2012-04-30 | Name : FreeBSD Ports: asterisk16 File : nvt/freebsd_asterisk160.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Digium Asterisk Manager command shell execution attempt RuleID : 23210 - Revision : 9 - Type : PROTOCOL-VOIP |
| 2014-01-10 | Digium Asterisk Manager command shell execution attempt RuleID : 23209 - Revision : 9 - Type : PROTOCOL-VOIP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-05.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6704.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6724.nasl - Type : ACT_GATHER_INFO |
| 2012-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6612.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : A telephony application running on the remote host is affected by a privilege... File : asterisk_ast_2012_004.nasl - Type : ACT_GATHER_INFO |
| 2012-04-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2460.nasl - Type : ACT_GATHER_INFO |
| 2012-04-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1c5abbe28d7f11e1a37414dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:02:09 |
|
| 2024-11-28 12:29:58 |
|
| 2021-05-04 12:19:56 |
|
| 2021-04-22 01:23:40 |
|
| 2020-05-23 00:33:38 |
|
| 2017-12-14 09:21:25 |
|
| 2017-12-13 09:22:31 |
|
| 2016-04-26 21:49:21 |
|
| 2014-02-17 11:10:21 |
|
| 2014-01-19 21:28:44 |
|
| 2013-05-10 22:39:24 |
|
| 2012-12-29 13:20:30 |
|
| 2012-12-19 13:25:09 |
|
