VAR-201709-0712
Vulnerability from variot - Updated: 2023-12-18 13:24An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. The Asterisk GUI is a framework for configuring graphical user interfaces. Digium Asterisk GUI is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Asterisk GUI 2.1.0 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk gui",
"scope": "lte",
"trust": 1.8,
"vendor": "digium",
"version": "2.1.0"
},
{
"model": "asterisk gui",
"scope": "lte",
"trust": 0.6,
"vendor": "digium",
"version": "\u003c=2.1.0"
},
{
"model": "asterisk gui",
"scope": "eq",
"trust": 0.6,
"vendor": "digium",
"version": "2.1.0"
},
{
"model": "asterisk gui",
"scope": "eq",
"trust": 0.3,
"vendor": "digium",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "asterisk gui",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk_gui:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec",
"sources": [
{
"db": "BID",
"id": "100950"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
],
"trust": 0.9
},
"cve": "CVE-2017-14001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-14001",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27939",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14001",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14001",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-27939",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. The Asterisk GUI is a framework for configuring graphical user interfaces. Digium Asterisk GUI is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nAsterisk GUI 2.1.0 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14001",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-264-03",
"trust": 3.3
},
{
"db": "BID",
"id": "100950",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-27939",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554",
"trust": 0.8
},
{
"db": "IVD",
"id": "A65C0F37-5815-4893-B0C3-0C14C3B1B227",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"id": "VAR-201709-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
}
]
},
"last_update_date": "2023-12-18T13:24:19.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.digium.com/"
},
{
"title": "Patch for Digium Asterisk GUI OS Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/102623"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-264-03"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100950"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14001"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14001"
},
{
"trust": 0.3,
"url": "https://www.digium.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"date": "2017-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"date": "2017-09-21T00:00:00",
"db": "BID",
"id": "100950"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"date": "2017-09-26T02:29:00.187000",
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"date": "2017-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"date": "2017-09-21T00:00:00",
"db": "BID",
"id": "100950"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"date": "2019-10-09T23:23:42.310000",
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium Asterisk GUI OS Command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…