Lucene search

MitreCVE-2006-4346

HistoryAug 24, 2006 - 8:04 p.m.

CVE-2006-4346

2006-08-2420:04:00

mitre

web.nvd.nist.gov

asterisk

record function

remote code execution

cve-2006-4346

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.077

Percentile

94.2%

JSON

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.

Affected configurations

Nvd

Node

digiumasteriskMatch1.2.10

VendorProductVersionCPE
digiumasterisk1.2.10cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
digium	asterisk	1.2.10	cpe:2.3:a:digium:asterisk:1.2.10:::::::*

References

labs.musecurity.com/advisories/MU-200608-01.txt

secunia.com/advisories/22651

securitytracker.com/id?1016742

www.gentoo.org/security/en/glsa/glsa-200610-15.xml

www.securityfocus.com/archive/1/444322/100/0/threaded

www.securityfocus.com/bid/19683

www.sineapps.com/news.php?rssid=1448

www.vupen.com/english/advisories/2006/3372

exchange.xforce.ibmcloud.com/vulnerabilities/28544

exchange.xforce.ibmcloud.com/vulnerabilities/28564

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.077

Percentile

94.2%

JSON

Related for CVE-2006-4346