Executive Summary

Informations
Name CVE-2012-4737 First vendor Publication 2012-08-31
Vendor Cve Last vendor Modification 2013-04-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score 6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4737

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20005
 
Oval ID: oval:org.mitre.oval:def:20005
Title: DSA-2550-1 asterisk - several
Description: Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2550-1
CVE-2012-2186
CVE-2012-3812
CVE-2012-3863
CVE-2012-4737
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): asterisk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29135
 
Oval ID: oval:org.mitre.oval:def:29135
Title: DSA-2550-2 -- asterisk -- several vulnerabilities
Description: Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2550-2
CVE-2012-2186
CVE-2012-3812
CVE-2012-3863
CVE-2012-4737
 Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): asterisk
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 137
Application 7

OpenVAS Exploits

Date Description
2012-10-03 Name : Debian Security Advisory DSA 2550-2 (asterisk)
File : nvt/deb_2550_2.nasl
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-15 (asterisk)
File : nvt/glsa_201209_15.nasl
2012-09-23 Name : Debian Security Advisory DSA 2550-1 (asterisk)
File : nvt/deb_2550_1.nasl
2012-08-30 Name : FreeBSD Ports: asterisk
File : nvt/freebsd_asterisk2.nasl

Nessus® Vulnerability Scanner

Date Description
2012-09-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-15.nasl - Type : ACT_GATHER_INFO
2012-09-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2550.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : A telephony application running on the remote host is affected by a security ...
File : asterisk_ast_2012_013.nasl - Type : ACT_GATHER_INFO
2012-08-31 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4c53f007f2ed11e1a21514dae9ebcf89.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/55335
CONFIRM http://downloads.asterisk.org/pub/security/AST-2012-013.html
DEBIAN http://www.debian.org/security/2012/dsa-2550
SECTRACK http://www.securitytracker.com/id?1027461
SECUNIA http://secunia.com/advisories/50687
http://secunia.com/advisories/50756

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2021-05-04 12:21:44
  • Multiple Updates
2021-04-22 01:25:52
  • Multiple Updates
2020-05-23 00:34:45
  • Multiple Updates
2016-04-26 22:17:20
  • Multiple Updates
2014-02-17 11:13:34
  • Multiple Updates
2013-05-10 22:46:53
  • Multiple Updates
2013-04-19 13:20:52
  • Multiple Updates
2013-02-14 13:24:56
  • Multiple Updates
2013-01-30 13:23:45
  • Multiple Updates