{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"name": "39096", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39096"}, {"name": "1023637", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1023637"}, {"name": "FEDORA-2010-3724", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"name": "20100218 AST-2010-002: Dialplan injection vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"name": "38641", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38641"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"name": "ADV-2010-0439", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"name": "asterisk-dial-weak-security(56397)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2010-0685", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt", "refsource": "MISC", "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"name": "39096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39096"}, {"name": "1023637", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023637"}, {"name": "FEDORA-2010-3724", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"name": "20100218 AST-2010-002: Dialplan injection vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"name": "38641", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38641"}, {"name": "http://downloads.digium.com/pub/security/AST-2010-002.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"name": "ADV-2010-0439", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"name": "asterisk-dial-weak-security(56397)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:59:38.329Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"name": "39096", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39096"}, {"name": "1023637", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1023637"}, {"name": "FEDORA-2010-3724", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"name": "20100218 AST-2010-002: Dialplan injection vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"name": "38641", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38641"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"name": "ADV-2010-0439", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"name": "asterisk-dial-weak-security(56397)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0685", "datePublished": "2010-02-23T20:00:00", "dateReserved": "2010-02-22T00:00:00", "dateUpdated": "2024-08-07T00:59:38.329Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "39358795-09A6-44C6-B969-1560CEF40057", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8C2DAB51-91ED-43D4-AEA9-7C4661089BAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "A596A018-2FBC-4CEB-9910-756CC6598679", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "14BDCF8E-0B68-430A-A463-EE40C1A9AD65", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CA2CD93E-71A5-49EC-B986-5868C05553EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B66B213-4397-4435-8E48-8ED69AAE13D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "55131A3D-C892-44EC-83D6-5888C57B11A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*", "matchCriteriaId": "E017DD53-B8EC-4EA2-BF59-18C075C5771D", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B940EEC6-4451-42B9-A56D-BDB8801B3685", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*", "matchCriteriaId": "CE4AB19F-1338-466D-AAD8-584C79FED1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*", "matchCriteriaId": "FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*", "matchCriteriaId": "7B43C508-91E3-49C9-86F0-3643D8F2B7F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*", "matchCriteriaId": "0831E658-36AB-4A4B-9929-3DB6BE855A3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*", "matchCriteriaId": "4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*", "matchCriteriaId": "64D94742-7CA1-487B-90E8-5063FBF88925", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "12302460-5D3F-4045-9DBF-606562E03BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*", "matchCriteriaId": "78546FDF-C843-4E48-ABEE-CC3514AA7C3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "8D6EBC0B-9842-44D1-B9D6-EFB88BE22879", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*", "matchCriteriaId": "052969F1-6758-46E8-9273-E0F872BD65BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "624A0F00-4629-4550-847F-F24CC93DFF2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*", "matchCriteriaId": "E473F645-F8B0-43FE-957B-F053427465DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "10FC9AAB-1FAD-4953-A2FC-D42E9687D27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*", "matchCriteriaId": "460C9907-AA19-402A-85DE-D3CEA98B107B", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "CD80F0D6-6B5B-41D3-AC41-F1643865088A", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*", "matchCriteriaId": "734D5198-53C1-40D3-B5BF-D74FC71FD3BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "788DEF5E-8A99-463D-89DC-0CC032271554", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*", "matchCriteriaId": "C0996D7A-9419-4897-A0AF-498AC3A2A81F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "62D670E6-47E5-4B40-9217-F97D5F39C3EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "94C23DB8-3C92-40FE-B8A6-ADF84D28510E", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "A6CE7E4E-DA2D-4F03-A226-92965B40AE34", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*", "matchCriteriaId": "0C59A947-457E-47EB-832E-3DA70CB52695", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "55F74B56-B412-4AF1-AED0-C948AB6DC829", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*", "matchCriteriaId": "3B50ADDB-D3C2-407D-8844-F93866E5F20C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*", "matchCriteriaId": "F4149B59-E773-4ED8-A71D-EB7D00808819", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "5A0408C3-0FA7-4A17-9451-C4D46CDA8F27", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*", "matchCriteriaId": "1726090D-0C37-44A4-AD9B-7ED733B8702D", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*", "matchCriteriaId": "54354E16-3238-43E8-BAA9-93CA7EB44D4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "6867EED4-FC3B-4B72-88A5-DED96C729FE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "1A0867FC-7161-433F-A416-D7207C8D4D36", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "97BE6B60-3276-4580-843B-743D0D71E3DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*", "matchCriteriaId": "36491B32-A405-4C5B-938F-9BEA50A8AF16", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "6141909B-EBC4-4726-AE9F-669C31257A5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "754A51AC-EF20-4736-ADDB-D2A70BCB79EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "4600BB66-6DEB-444B-AF9E-BDD06CFD2876", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "EE089E31-3521-4D12-B81C-B6E386AE1409", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F5E9888-16CD-4DB2-8889-CE4477559C71", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*", "matchCriteriaId": "C29C9A2C-6435-444E-A20B-5881F3798B85", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*", "matchCriteriaId": "E77A2569-CFAE-498D-A633-803849CFECE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "D16E88E6-42D0-400E-AF43-111B35CE11E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE15A42E-030B-48F0-9498-1755DAAEDFB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "39511726-1202-4179-9708-4D3B28496768", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "2A9A4328-F274-4591-A386-943FD6608374", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:*", "matchCriteriaId": "CF11B38A-12D7-453A-870D-CDC2DE9313CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:*", "matchCriteriaId": "9D69ACB7-CF9A-40B5-819E-58DA884D4E1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3", "vulnerable": false}, {"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B", "vulnerable": false}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*", "matchCriteriaId": "FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*", "matchCriteriaId": "BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*", "matchCriteriaId": "D110DCEB-F2F9-4600-B49F-22952C71B785", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*", "matchCriteriaId": "3333A119-D92F-433C-BF5D-0037199256C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*", "matchCriteriaId": "19C44C33-EADA-48FD-A634-8066A003AFD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*", "matchCriteriaId": "294A2BA2-26EB-40AD-B861-7FA9043CD097", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*", "matchCriteriaId": "4FAC61AF-BDF2-4397-A8F8-9D9155836E4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*", "matchCriteriaId": "33DE61C2-8C6A-4CD3-8D56-E70C4356CD50", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*", "matchCriteriaId": "EECB5F75-BCE2-4777-933E-25EB5657750C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*", "matchCriteriaId": "B5D51557-3E67-4C9A-9753-472D13FCA5C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*", "matchCriteriaId": "C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*", "matchCriteriaId": "761DB3A3-1540-4976-AEB2-F8E45CCCC5E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*", "matchCriteriaId": "B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*", "matchCriteriaId": "947F58B8-21AF-460B-8203-D2605A1F91D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*", "matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*", "matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*", "matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*", "matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*", "matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*", "matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*", "matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*", "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*", "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."}, {"lang": "es", "value": "El dise\u00f1o de la funcionalidad dialplan en Asterisk Open Source v1.2.x, v1.4.x, y v1.6.x; y Asterisk Business Edition vB.x.x y vC.x.x,cuando se utiliza la variable de canal $ (EXTEN) y coincidencias de patron comod\u00edn, permite a atacantes dependiendo del contexto, inyectar cadenas en dialplan utilizando metacaracteres que son inyectados cuando la variable es expandida, como se demuestra utilizando la aplicaci\u00f3n Dial en un proceso en el que el mensaje SIP INVITE esta manipulado el cual a\u00f1ade un canal de salida no previsto. NOTA: Podr\u00eda argumentarse que esto no es una vulnerabilidad en Asterisk, pero hay un tipo de vulnerabilidades que pueden producirse en cualquier programa que utilice esta caracter\u00edstica sin la funcionalidad de filtrado correspondiente que actualmente esta disponible."}], "id": "CVE-2010-0685", "lastModified": "2024-11-21T01:12:44.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-23T20:30:00.780", "references": [{"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"source": "[email protected]", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38641"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/39096"}, {"source": "[email protected]", "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id?1023637"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38641"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1023637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}

{}