NVD

Id
44026  
Name
CVE-2012-2186  
Description
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.  
Reject
 
CVSS Version
2  
CVSS Score
9  
Severity
High  
CVSS Base Score
9  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2012-08-31  
Modified Date
2013-04-18  
Seq
2012-2186  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
221272 44026 CVE-2012-2186 http://downloads.asterisk.org/pub/security/AST-2012-012.html  View
221273 44026 CVE-2012-2186 DSA-2550  View
221274 44026 CVE-2012-2186 1027460  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
28313 JVNDB-2012-004020 複数の Asterisk 製品 の main/manager.c における任意のコマンドを実行される脆弱性 複数の Asterisk 製品 の main/manager.c には、不完全なブラックリストにより、任意のコマンドを実行される脆弱性が存在します。 CVE-2012-2186 55424 CVE-2012-2186 44026 9 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004020.html 2012-08-30 2012-11-08 View