Lucene search

[email protected]CVE-2013-4468

HistoryMay 14, 2014 - 7:55 p.m.

CVE-2013-4468

2014-05-1419:55:10

[email protected]

web.nvd.nist.gov

cve-2013-4468

vicidial

asterisk gui client

remote code execution

shell metacharacters

originatevdrelogin action

manager_send.php

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.33 Low

EPSS

Percentile

97.1%

JSON

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.

Affected configurations

NVD

Node

vicidialvicidialRange≤2.8403a

vicidialvicidialMatch2.7-

vicidialvicidialMatch2.7rc1

CPENameOperatorVersion
vicidial:vicidialvicidialle2.8
vicidial:vicidialvicidialeq2.7

CPE	Name	Operator	Version
vicidial:vicidial	vicidial	le	2.8
vicidial:vicidial	vicidial	eq	2.7

References

www.exploit-db.com/exploits/29513

www.openwall.com/lists/oss-security/2013/10/23/10

www.openwall.com/lists/oss-security/2013/10/25/1

adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.33 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2013-4468

checkpoint_advisories1 prion1 cvelist1 nvd1 packetstorm1 openvas1