Lucene search
MitreCVELIST:CVE-2017-14100HistorySep 02, 2017 - 4:00 p.m.
CVE-2017-14100
2017-09-0216:00:00
mitre
www.cve.org
1
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an “externnotify” program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.
Related
cve
cve
CVE-2017-14100
2017-09-02 16:29:00
osv
osv
asterisk - security update
2017-10-05 00:00:00
CVE-2017-14100
2017-09-02 16:29:00
asterisk - security update
2017-09-04 00:00:00
debian
debian
[SECURITY] [DLA 1122-1] asterisk security update
2017-10-05 13:03:23
[SECURITY] [DSA 3964-1] asterisk security update
2017-09-04 21:32:18
openvas
openvas
Debian: Security Advisory (DLA-1122-1)
2018-02-06 00:00:00
Debian: Security Advisory (DSA-3964-1)
2017-09-03 00:00:00
Asterisk Multiple Vulnerabilities (Aug 2017)
2017-09-01 00:00:00
nessus
nessus
Debian DLA-1122-1 : asterisk security update
2017-10-06 00:00:00
Debian DSA-3964-1 : asterisk - security update
2017-09-05 00:00:00
nvd
nvd
CVE-2017-14100
2017-09-02 16:29:00
debiancve
debiancve
CVE-2017-14100
2017-09-02 16:29:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
2017-10-08 00:00:00
ubuntucve
ubuntucve
CVE-2017-14100
2017-09-02 00:00:00
prion
prion
Command injection
2017-09-02 16:29:00
freebsd
freebsd
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2017-10-29 00:00:00