6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.8%
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x
before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk
Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk
Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during
certain uses of peer credentials, which allows remote authenticated users
to bypass intended outbound-call restrictions by leveraging the
availability of these credentials.