CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-8413

HIGH
7.5
CVSS Severity Score
EPSS Score0.0760%
EPSS Percentile41.63th
Published2014年11月24日
Last Modified2026年5月6日

Vulnerability Description

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.

Affected Platforms (CPE)

📦
Digium

Asterisk

>= 12.0.0 and < 12.7.1
📦
Digium

Asterisk

>= 13.0.0 and < 13.0.1

References & Advisories

🔗 http://downloads.asterisk.org/pub/security/AST-2014-013.html
🔗 http://downloads.asterisk.org/pub/security/AST-2014-013.html

相关漏洞威胁

CVE-2007-248810.0

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attacke...

CVE-2017-141009.8

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13...

CVE-2008-13909.3

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x b...

CVE-2007-37629.3

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edit...