{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"name": "39096", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39096"}, {"name": "1023637", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1023637"}, {"name": "FEDORA-2010-3724", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"name": "20100218 AST-2010-002: Dialplan injection vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"name": "38641", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38641"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"name": "ADV-2010-0439", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"name": "asterisk-dial-weak-security(56397)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0685", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt", "refsource": "MISC", "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"name": "39096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39096"}, {"name": "1023637", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023637"}, {"name": "FEDORA-2010-3724", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"name": "20100218 AST-2010-002: Dialplan injection vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"name": "38641", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38641"}, {"name": "http://downloads.digium.com/pub/security/AST-2010-002.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"name": "ADV-2010-0439", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"name": "asterisk-dial-weak-security(56397)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:59:38.329Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"name": "39096", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39096"}, {"name": "1023637", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1023637"}, {"name": "FEDORA-2010-3724", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"name": "20100218 AST-2010-002: Dialplan injection vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"name": "38641", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38641"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"name": "ADV-2010-0439", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"name": "asterisk-dial-weak-security(56397)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0685", "datePublished": "2010-02-23T20:00:00", "dateReserved": "2010-02-22T00:00:00", "dateUpdated": "2024-08-07T00:59:38.329Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "39358795-09A6-44C6-B969-1560CEF40057", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8C2DAB51-91ED-43D4-AEA9-7C4661089BAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "A596A018-2FBC-4CEB-9910-756CC6598679", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "14BDCF8E-0B68-430A-A463-EE40C1A9AD65", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CA2CD93E-71A5-49EC-B986-5868C05553EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B66B213-4397-4435-8E48-8ED69AAE13D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "55131A3D-C892-44EC-83D6-5888C57B11A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*", "matchCriteriaId": "E017DD53-B8EC-4EA2-BF59-18C075C5771D", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B940EEC6-4451-42B9-A56D-BDB8801B3685", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*", "matchCriteriaId": "CE4AB19F-1338-466D-AAD8-584C79FED1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*", "matchCriteriaId": "FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*", "matchCriteriaId": "7B43C508-91E3-49C9-86F0-3643D8F2B7F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*", "matchCriteriaId": "0831E658-36AB-4A4B-9929-3DB6BE855A3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*", "matchCriteriaId": "4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*", "matchCriteriaId": "64D94742-7CA1-487B-90E8-5063FBF88925", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "12302460-5D3F-4045-9DBF-606562E03BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*", "matchCriteriaId": "78546FDF-C843-4E48-ABEE-CC3514AA7C3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "8D6EBC0B-9842-44D1-B9D6-EFB88BE22879", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*", "matchCriteriaId": "052969F1-6758-46E8-9273-E0F872BD65BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "624A0F00-4629-4550-847F-F24CC93DFF2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*", "matchCriteriaId": "E473F645-F8B0-43FE-957B-F053427465DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "10FC9AAB-1FAD-4953-A2FC-D42E9687D27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*", "matchCriteriaId": "460C9907-AA19-402A-85DE-D3CEA98B107B", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "CD80F0D6-6B5B-41D3-AC41-F1643865088A", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*", "matchCriteriaId": "734D5198-53C1-40D3-B5BF-D74FC71FD3BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "788DEF5E-8A99-463D-89DC-0CC032271554", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*", "matchCriteriaId": "C0996D7A-9419-4897-A0AF-498AC3A2A81F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "62D670E6-47E5-4B40-9217-F97D5F39C3EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "94C23DB8-3C92-40FE-B8A6-ADF84D28510E", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "A6CE7E4E-DA2D-4F03-A226-92965B40AE34", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*", "matchCriteriaId": "0C59A947-457E-47EB-832E-3DA70CB52695", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "55F74B56-B412-4AF1-AED0-C948AB6DC829", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*", "matchCriteriaId": "3B50ADDB-D3C2-407D-8844-F93866E5F20C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*", "matchCriteriaId": "F4149B59-E773-4ED8-A71D-EB7D00808819", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "5A0408C3-0FA7-4A17-9451-C4D46CDA8F27", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*", "matchCriteriaId": "1726090D-0C37-44A4-AD9B-7ED733B8702D", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*", "matchCriteriaId": "54354E16-3238-43E8-BAA9-93CA7EB44D4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "6867EED4-FC3B-4B72-88A5-DED96C729FE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*", "matchCriteriaId": "1A0867FC-7161-433F-A416-D7207C8D4D36", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "97BE6B60-3276-4580-843B-743D0D71E3DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*", "matchCriteriaId": "36491B32-A405-4C5B-938F-9BEA50A8AF16", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "6141909B-EBC4-4726-AE9F-669C31257A5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "754A51AC-EF20-4736-ADDB-D2A70BCB79EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "4600BB66-6DEB-444B-AF9E-BDD06CFD2876", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "EE089E31-3521-4D12-B81C-B6E386AE1409", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F5E9888-16CD-4DB2-8889-CE4477559C71", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*", "matchCriteriaId": "C29C9A2C-6435-444E-A20B-5881F3798B85", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*", "matchCriteriaId": "E77A2569-CFAE-498D-A633-803849CFECE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "D16E88E6-42D0-400E-AF43-111B35CE11E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE15A42E-030B-48F0-9498-1755DAAEDFB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "39511726-1202-4179-9708-4D3B28496768", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "2A9A4328-F274-4591-A386-943FD6608374", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*", "matchCriteriaId": "1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:*", "matchCriteriaId": "CF11B38A-12D7-453A-870D-CDC2DE9313CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:*", "matchCriteriaId": "9D69ACB7-CF9A-40B5-819E-58DA884D4E1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3", "vulnerable": false}, {"criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B", "vulnerable": false}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*", "matchCriteriaId": "FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*", "matchCriteriaId": "BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*", "matchCriteriaId": "D110DCEB-F2F9-4600-B49F-22952C71B785", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*", "matchCriteriaId": "3333A119-D92F-433C-BF5D-0037199256C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*", "matchCriteriaId": "19C44C33-EADA-48FD-A634-8066A003AFD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*", "matchCriteriaId": "294A2BA2-26EB-40AD-B861-7FA9043CD097", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*", "matchCriteriaId": "4FAC61AF-BDF2-4397-A8F8-9D9155836E4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*", "matchCriteriaId": "33DE61C2-8C6A-4CD3-8D56-E70C4356CD50", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*", "matchCriteriaId": "EECB5F75-BCE2-4777-933E-25EB5657750C", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*", "matchCriteriaId": "B5D51557-3E67-4C9A-9753-472D13FCA5C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*", "matchCriteriaId": "C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*", "matchCriteriaId": "761DB3A3-1540-4976-AEB2-F8E45CCCC5E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*", "matchCriteriaId": "B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*", "matchCriteriaId": "947F58B8-21AF-460B-8203-D2605A1F91D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*", "matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*", "matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*", "matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*", "matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*", "matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*", "matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*", "matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*", "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*", "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."}, {"lang": "es", "value": "El dise\u00f1o de la funcionalidad dialplan en Asterisk Open Source v1.2.x, v1.4.x, y v1.6.x; y Asterisk Business Edition vB.x.x y vC.x.x,cuando se utiliza la variable de canal $ (EXTEN) y coincidencias de patron comod\u00edn, permite a atacantes dependiendo del contexto, inyectar cadenas en dialplan utilizando metacaracteres que son inyectados cuando la variable es expandida, como se demuestra utilizando la aplicaci\u00f3n Dial en un proceso en el que el mensaje SIP INVITE esta manipulado el cual a\u00f1ade un canal de salida no previsto. NOTA: Podr\u00eda argumentarse que esto no es una vulnerabilidad en Asterisk, pero hay un tipo de vulnerabilidades que pueden producirse en cualquier programa que utilice esta caracter\u00edstica sin la funcionalidad de filtrado correspondiente que actualmente esta disponible."}], "id": "CVE-2010-0685", "lastModified": "2018-10-10T19:53:22.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-23T20:30:00.780", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38641"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/39096"}, {"source": "cve@mitre.org", "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1023637"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0439"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}