Attacker Value
Unknown
CVE-2017-14100
Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
CVE-2017-14100
(Last updated November 26, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an “externnotify” program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown
General Information
Vendors
- digium
Products
- asterisk 11.0.0,
- asterisk 11.0.1,
- asterisk 11.0.2,
- asterisk 11.1.0,
- asterisk 11.1.1,
- asterisk 11.1.2,
- asterisk 11.10.0,
- asterisk 11.10.1,
- asterisk 11.10.2,
- asterisk 11.11.0,
- asterisk 11.12.0,
- asterisk 11.12.1,
- asterisk 11.13.0,
- asterisk 11.13.1,
- asterisk 11.14.0,
- asterisk 11.14.1,
- asterisk 11.14.2,
- asterisk 11.15.0,
- asterisk 11.15.1,
- asterisk 11.16.0,
- asterisk 11.17.0,
- asterisk 11.17.1,
- asterisk 11.18.0,
- asterisk 11.19.0,
- asterisk 11.2.0,
- asterisk 11.2.1,
- asterisk 11.2.2,
- asterisk 11.20.0,
- asterisk 11.21.0,
- asterisk 11.21.1,
- asterisk 11.21.2,
- asterisk 11.22.0,
- asterisk 11.23.0,
- asterisk 11.23.1,
- asterisk 11.24.0,
- asterisk 11.24.1,
- asterisk 11.25.0,
- asterisk 11.25.1,
- asterisk 11.4.0,
- asterisk 11.6.0,
- asterisk 11.6.1,
- asterisk 11.7.0,
- asterisk 11.8.0,
- asterisk 11.8.1,
- asterisk 11.9.0,
- asterisk 13.0.0,
- asterisk 13.0.1,
- asterisk 13.0.2,
- asterisk 13.1.0,
- asterisk 13.1.1,
- asterisk 13.10.0,
- asterisk 13.11.0,
- asterisk 13.11.1,
- asterisk 13.11.2,
- asterisk 13.12,
- asterisk 13.12.0,
- asterisk 13.12.1,
- asterisk 13.12.2,
- asterisk 13.13,
- asterisk 13.13.0,
- asterisk 13.13.1,
- asterisk 13.14.0,
- asterisk 13.14.1,
- asterisk 13.15.0,
- asterisk 13.15.1,
- asterisk 13.16.0,
- asterisk 13.17.0,
- asterisk 13.2.0,
- asterisk 13.2.1,
- asterisk 13.3.0,
- asterisk 13.3.2,
- asterisk 13.4.0,
- asterisk 13.5.0,
- asterisk 13.6.0,
- asterisk 13.7.0,
- asterisk 13.7.1,
- asterisk 13.7.2,
- asterisk 13.8.0,
- asterisk 13.8.1,
- asterisk 13.8.2,
- asterisk 13.9.0,
- asterisk 13.9.1,
- asterisk 14.0,
- asterisk 14.0.0,
- asterisk 14.0.1,
- asterisk 14.0.2,
- asterisk 14.01,
- asterisk 14.02,
- asterisk 14.1,
- asterisk 14.1.0,
- asterisk 14.1.1,
- asterisk 14.1.2,
- asterisk 14.2,
- asterisk 14.2.0,
- asterisk 14.2.1,
- asterisk 14.3.0,
- asterisk 14.3.1,
- asterisk 14.4.0,
- asterisk 14.4.1,
- asterisk 14.5.0,
- asterisk 14.6.0,
- certified asterisk 11.6,
- certified asterisk 13.13
References
Advisory
