Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2010-0685

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.

  • Published: Feb 23, 2010
  • Updated: Apr 13, 2023
  • CVE: CVE-2010-0685
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Software From Fixed in
digium / asterisk 1.2.1 1.2.1.x
digium / asterisk 1.2.27 1.2.27.x
digium / asterisk 1.4.5 1.4.5.x
digium / asterisk 1.2.11 1.2.11.x
digium / asterisk 1.2.0-beta1 1.2.0-beta1.x
digium / asterisk 1.2.26.2-netsec 1.2.26.2-netsec.x
digium / asterisk 1.2.26 1.2.26.x
digium / asterisk 1.2.12 1.2.12.x
digium / asterisk 1.2.36 1.2.36.x
digium / asterisk 1.2.21.1-netsec 1.2.21.1-netsec.x
digium / asterisk 1.2.30.1 1.2.30.1.x
digium / asterisk 1.2.12-netsec 1.2.12-netsec.x
digium / asterisk 1.2.31.1 1.2.31.1.x
digium / asterisk 1.2.29 1.2.29.x
digium / asterisk 1.2.10 1.2.10.x
digium / asterisk 1.2.28 1.2.28.x
digium / asterisk 1.4.16 1.4.16.x
digium / asterisk 1.4.3 1.4.3.x
digium / asterisk 1.2.26-netsec 1.2.26-netsec.x
digium / asterisk 1.2.21 1.2.21.x
digium / asterisk 1.2.3 1.2.3.x
digium / asterisk 1.2.20 1.2.20.x
digium / asterisk 1.2.13-netsec 1.2.13-netsec.x
digium / asterisk 1.2.10-netsec 1.2.10-netsec.x
digium / asterisk 1.2.22 1.2.22.x
digium / asterisk 1.2.9 1.2.9.x
digium / asterisk 1.2.35 1.2.35.x
digium / asterisk 1.6.0 1.6.0.x
digium / asterisk 1.4.4 1.4.4.x
digium / asterisk 1.2.32 1.2.32.x
digium / asterisk 1.2.17-netsec 1.2.17-netsec.x
digium / asterisk 1.4.22 1.4.22.x
digium / asterisk 1.4.0 1.4.0.x
digium / asterisk 1.2.26.1 1.2.26.1.x
digium / asterisk 1.2.19 1.2.19.x
digium / asterisk 1.2.20-netsec 1.2.20-netsec.x
digium / asterisk 1.2.23-netsec 1.2.23-netsec.x
digium / asterisk 1.4.6 1.4.6.x
digium / asterisk 1.4.20 1.4.20.x
digium / asterisk 1.2.0-rc2 1.2.0-rc2.x
digium / asterisk 1.2.30.4 1.2.30.4.x
digium / asterisk 1.2.13 1.2.13.x
digium / asterisk 1.4.2 1.4.2.x
digium / asterisk 1.4.19 1.4.19.x
digium / asterisk 1.2.30.2 1.2.30.2.x
digium / asterisk 1.4.18 1.4.18.x
digium / asterisk 1.2.15-netsec 1.2.15-netsec.x
digium / asterisk 1.2.23 1.2.23.x
digium / asterisk 1.2.28.1 1.2.28.1.x
digium / asterisk 1.2.30.3 1.2.30.3.x
digium / asterisk 1.4.10 1.4.10.x
digium / asterisk 1.2.22-netsec 1.2.22-netsec.x
digium / asterisk 1.2.2-netsec 1.2.2-netsec.x
digium / asterisk 1.2.24-netsec 1.2.24-netsec.x
digium / asterisk 1.2.8 1.2.8.x
digium / asterisk 1.4.25 1.4.25.x
digium / asterisk 1.2.3-netsec 1.2.3-netsec.x
digium / asterisk 1.4.11 1.4.11.x
digium / asterisk 1.4.23 1.4.23.x
digium / asterisk 1.4.7 1.4.7.x
digium / asterisk 1.2.21-netsec 1.2.21-netsec.x
digium / asterisk 1.4.15 1.4.15.x
digium / asterisk 1.2.25-netsec 1.2.25-netsec.x
digium / asterisk 1.2.18 1.2.18.x
digium / asterisk 1.2.6 1.2.6.x
digium / asterisk 1.2.33 1.2.33.x
digium / asterisk 1.2.0-beta2 1.2.0-beta2.x
digium / asterisk 1.2.15 1.2.15.x
digium / asterisk 1.2.7 1.2.7.x
digium / asterisk 1.2.17 1.2.17.x
digium / asterisk 1.2.30 1.2.30.x
digium / asterisk 1.4.27 1.4.27.x
digium / asterisk 1.6.1 1.6.1.x
digium / asterisk 1.2.14 1.2.14.x
digium / asterisk 1.4.9 1.4.9.x
digium / asterisk 1.2.11-netsec 1.2.11-netsec.x
digium / asterisk 1.4.12 1.4.12.x
digium / asterisk 1.2.0 1.2.0.x
digium / asterisk 1.2.18-netsec 1.2.18-netsec.x
digium / asterisk 1.4.13 1.4.13.x
digium / asterisk 1.2.19-netsec 1.2.19-netsec.x
digium / asterisk 1.2.12.1 1.2.12.1.x
digium / asterisk 1.4.17 1.4.17.x
digium / asterisk 1.2.26.1-netsec 1.2.26.1-netsec.x
digium / asterisk 1.2.34 1.2.34.x
digium / asterisk 1.4.1 1.4.1.x
digium / asterisk 1.2.24 1.2.24.x
digium / asterisk 1.2.2 1.2.2.x
digium / asterisk 1.2.16 1.2.16.x
digium / asterisk 1.4.14 1.4.14.x
digium / asterisk 1.2.21.1 1.2.21.1.x
digium / asterisk 1.4.24 1.4.24.x
digium / asterisk 1.2.31 1.2.31.x
digium / asterisk 1.4.26 1.4.26.x
digium / asterisk 1.2.0-rc1 1.2.0-rc1.x
digium / asterisk 1.2.16-netsec 1.2.16-netsec.x
digium / asterisk 1.4.8 1.4.8.x
digium / asterisk 1.2.12.1-netsec 1.2.12.1-netsec.x
digium / asterisk 1.2.26.2 1.2.26.2.x
digium / asterisk 1.4.21 1.4.21.x
digium / asterisk 1.2.25 1.2.25.x
digium / asterisk b.2.3.4 b.2.3.4.x
digium / asterisk b.2.3.3 b.2.3.3.x
digium / asterisk c.1.8.1 c.1.8.1.x
digium / asterisk b.2.3.6 b.2.3.6.x
digium / asterisk c.2.3 c.2.3.x
digium / asterisk b.1.3.3 b.1.3.3.x
digium / asterisk b.1.3.2 b.1.3.2.x
digium / asterisk b.2.3.1 b.2.3.1.x
digium / asterisk b.2.5.0 b.2.5.0.x
digium / asterisk c.1.0-beta7 c.1.0-beta7.x
digium / asterisk c.1.8.0 c.1.8.0.x
digium / asterisk b.2.5.3 b.2.5.3.x
digium / asterisk c.1.6.2 c.1.6.2.x
digium / asterisk c.3.0 c.3.0.x
digium / asterisk b.2.2.0 b.2.2.0.x
digium / asterisk b.2.5.1 b.2.5.1.x
digium / asterisk c.1.6.1 c.1.6.1.x
digium / asterisk b.2.2.1 b.2.2.1.x
digium / asterisk b.2.3.2 b.2.3.2.x
digium / asterisk b.2.5.2 b.2.5.2.x
digium / asterisk b.2.3.5 b.2.3.5.x
digium / asterisk c.1.0-beta8 c.1.0-beta8.x
digium / asterisk c.1.6 c.1.6.x