
CVE-2017-7617

Date: (C)2017-04-11   (M)2017-12-05 


Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

CVSS Score: 6.5
Exploit Score: 8.0
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
BID-97377
http://downloads.asterisk.org/pub/security/AST-2017-001.html
https://bugs.debian.org/859910

CPE    57
cpe:/a:digium:asterisk:14.0
cpe:/a:digium:asterisk:14.1
cpe:/a:digium:asterisk:14.2
cpe:/a:digium:asterisk:13.3.2
...
CWE    1
CWE-119

© 2013 SecPod Technologies