CVE-2014-8412

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

Published: Nov 24, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-8412
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
digium / certified_asterisk	11.6-cert2	11.6-cert2.x
digium / certified_asterisk	11.6-cert7	11.6-cert7.x
digium / certified_asterisk	11.6-cert4	11.6-cert4.x
digium / certified_asterisk	1.8.28-cert2	1.8.28-cert2.x
digium / certified_asterisk	1.8.28.0	1.8.28.0.x
digium / certified_asterisk	1.8.28-cert1	1.8.28-cert1.x
digium / certified_asterisk	11.6-cert1	11.6-cert1.x
digium / certified_asterisk	11.6-cert3	11.6-cert3.x
digium / certified_asterisk	11.6-cert6	11.6-cert6.x
digium / certified_asterisk	11.6-cert5	11.6-cert5.x
digium / certified_asterisk	11.6.0	11.6.0.x
digium / asterisk	1.8.0	1.8.32.1
digium / asterisk	11.0.0	11.14.1
digium / asterisk	12.0.0	12.7.1
digium / asterisk	13.0.0	13.0.1

http://downloads.asterisk.org/pub/security/AST-2014-012.html

Vulnerability Database

289,784

CVE-2014-8412