channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:M/Au:S/C:P/I:P/A:P
Vendors | Products |
---|---|
Digium |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2012-08-31T14:00:00
Updated: 2012-10-31T09:00:00
Reserved: 2012-08-30T00:00:00
Link: CVE-2012-4737
JSON object: View
NVD Information
Status : Modified
Published: 2012-08-31T14:55:01.387
Modified: 2013-04-19T03:25:34.037
Link: CVE-2012-4737
JSON object: View
Redhat Information
No data.
CWE