VAR-201911-1169
Vulnerability from variot - Updated: 2023-12-18 12:27An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All releases
Asterisk Open Source 16.x All releases
Asterisk Open Source 17.x All releases
Certified Asterisk 13.21 All releases
Corrected In
Product Release
Asterisk Open Source 13.29.2
Asterisk Open Source 16.6.2
Asterisk Open Source 17.0.1
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16
http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17
http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28580
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2019-007.pdf and
http://downloads.digium.com/pub/security/AST-2019-007.html
Revision History
Date Editor Revisions Made
October 24, 2019 George Joseph Initial Revision
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory - AST-2019-007
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "16.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "16.6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.2"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "16.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "17.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.21 to 13.21-cert4"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=16.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=17.*"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.6,
"vendor": "sangoma",
"version": "13.21"
},
{
"model": "certified asterisk 13.21-cert4",
"scope": null,
"trust": 0.6,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "gjoseph",
"sources": [
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.7
},
"cve": "CVE-2019-18610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-18610",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-03060",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18610",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18610",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-03060",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1290",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All releases \n Asterisk Open Source 16.x All releases \n Asterisk Open Source 17.x All releases \n Certified Asterisk 13.21 All releases \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Asterisk Open Source 16.6.2 \n Asterisk Open Source 17.0.1 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16 \n http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17 \n http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28580 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n http://downloads.digium.com/pub/security/AST-2019-007.pdf and \n http://downloads.digium.com/pub/security/AST-2019-007.html \n\n Revision History\n Date Editor Revisions Made \n October 24, 2019 George Joseph Initial Revision \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory - AST-2019-007\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "PACKETSTORM",
"id": "155435"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18610",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155435",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"id": "VAR-201911-1169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
}
]
},
"last_update_date": "2023-12-18T12:27:54.873000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "AST-2019-007",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"title": "[SECURITY] [DLA 2017-1] asterisk security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/196957"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=104055"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18610"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18610"
},
{
"trust": 0.6,
"url": "https://seclists.org/fulldisclosure/2019/nov/19"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html second message url unavailable at time of publishing"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-privilege-escalation-via-ami-originate-request-30936"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155435/asterisk-project-security-advisory-ast-2019-007.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-007.pdf"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-007.html"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-17.diff"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28580"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-16.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.21.diff"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"date": "2019-11-21T23:30:33",
"db": "PACKETSTORM",
"id": "155435"
},
{
"date": "2019-11-22T18:15:11.030000",
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"date": "2022-06-03T14:34:50.917000",
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk Vulnerabilities related to lack of authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…