What are the consequences of exploiting CVE-2010-0685?

Exploiting CVE-2010-0685 can allow an attacker to inject arbitrary strings into the dialplan, possibly leading to unauthorized access or control over the Asterisk system.

Which versions of Asterisk are affected by CVE-2010-0685?

CVE-2010-0685 affects Asterisk versions 1.2.x, 1.4.x, and 1.6.x, along with certain versions of Asterisk Business Edition.

How do I mitigate CVE-2010-0685?

To mitigate CVE-2010-0685, upgrade to a patched version of Asterisk that addresses this vulnerability.

Is CVE-2010-0685 a critical vulnerability?

CVE-2010-0685 is classified as a significant vulnerability due to its potential to manipulate dialplan execution.

What is the recommended action for users of Asterisk affected by CVE-2010-0685?

Asterisk users should immediately upgrade to the latest version that includes fixes for CVE-2010-0685 to protect against potential exploitation.

Vulnerability/
CVE-2010-0685

medium

CWE

NVD-CWE-Other

23/2/2010

7/8/2024

CVE-2010-0685

First published: Tue Feb 23 2010(Updated: )

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Asterisk	=1.2.0
Asterisk	=1.2.0-beta1
Asterisk	=1.2.0-beta2
Asterisk	=1.2.0-rc1
Asterisk	=1.2.0-rc2
Asterisk	=1.2.1
Asterisk	=1.2.2
Asterisk	=1.2.2-netsec
Asterisk	=1.2.3
Asterisk	=1.2.3-netsec
Asterisk	=1.2.6
Asterisk	=1.2.7
Asterisk	=1.2.8
Asterisk	=1.2.9
Asterisk	=1.2.10
Asterisk	=1.2.10-netsec
Asterisk	=1.2.11
Asterisk	=1.2.11-netsec
Asterisk	=1.2.12
Asterisk	=1.2.12-netsec
Asterisk	=1.2.12.1
Asterisk	=1.2.12.1-netsec
Asterisk	=1.2.13
Asterisk	=1.2.13-netsec
Asterisk	=1.2.14
Asterisk	=1.2.15
Asterisk	=1.2.15-netsec
Asterisk	=1.2.16
Asterisk	=1.2.16-netsec
Asterisk	=1.2.17
Asterisk	=1.2.17-netsec
Asterisk	=1.2.18
Asterisk	=1.2.18-netsec
Asterisk	=1.2.19
Asterisk	=1.2.19-netsec
Asterisk	=1.2.20
Asterisk	=1.2.20-netsec
Asterisk	=1.2.21
Asterisk	=1.2.21-netsec
Asterisk	=1.2.21.1
Asterisk	=1.2.21.1-netsec
Asterisk	=1.2.22
Asterisk	=1.2.22-netsec
Asterisk	=1.2.23
Asterisk	=1.2.23-netsec
Asterisk	=1.2.24
Asterisk	=1.2.24-netsec
Asterisk	=1.2.25
Asterisk	=1.2.25-netsec
Asterisk	=1.2.26
Asterisk	=1.2.26-netsec
Asterisk	=1.2.26.1
Asterisk	=1.2.26.1-netsec
Asterisk	=1.2.26.2
Asterisk	=1.2.26.2-netsec
Asterisk	=1.2.27
Asterisk	=1.2.28
Asterisk	=1.2.28.1
Asterisk	=1.2.29
Asterisk	=1.2.30
Asterisk	=1.2.30.1
Asterisk	=1.2.30.2
Asterisk	=1.2.30.3
Asterisk	=1.2.30.4
Asterisk	=1.2.31
Asterisk	=1.2.31.1
Asterisk	=1.2.32
Asterisk	=1.2.33
Asterisk	=1.2.34
Asterisk	=1.2.35
Asterisk	=1.2.36
Asterisk	=1.4.0
Asterisk	=1.4.1
Asterisk	=1.4.2
Asterisk	=1.4.3
Asterisk	=1.4.4
Asterisk	=1.4.5
Asterisk	=1.4.6
Asterisk	=1.4.7
Asterisk	=1.4.8
Asterisk	=1.4.9
Asterisk	=1.4.10
Asterisk	=1.4.11
Asterisk	=1.4.12
Asterisk	=1.4.13
Asterisk	=1.4.14
Asterisk	=1.4.15
Asterisk	=1.4.16
Asterisk	=1.4.17
Asterisk	=1.4.18
Asterisk	=1.4.19
Asterisk	=1.4.20
Asterisk	=1.4.21
Asterisk	=1.4.22
Asterisk	=1.4.23
Asterisk	=1.4.24
Asterisk	=1.4.25
Asterisk	=1.4.26
Asterisk	=1.4.27
Asterisk	=1.6.0
Asterisk	=1.6.1
Asterisk	=1.6.1.0
Asterisk	=1.6.2.0
Asterisk	=b.1.3.2
Asterisk	=b.1.3.3
Asterisk	=b.2.2.0
Asterisk	=b.2.2.1
Asterisk	=b.2.3.1
Asterisk	=b.2.3.2
Asterisk	=b.2.3.3
Asterisk	=b.2.3.4
Asterisk	=b.2.3.5
Asterisk	=b.2.3.6
Asterisk	=b.2.5.0
Asterisk	=b.2.5.1
Asterisk	=b.2.5.2
Asterisk	=b.2.5.3
Asterisk	=c.1.0-beta7
Asterisk	=c.1.0-beta8
Asterisk	=c.1.6
Asterisk	=c.1.6.1
Asterisk	=c.1.6.2
Asterisk	=c.1.8.0
Asterisk	=c.1.8.1
Asterisk	=c.2.3
Asterisk	=c.3.0
Asterisk	=1.6.1.0
Asterisk	=1.6.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What are the consequences of exploiting CVE-2010-0685?
Exploiting CVE-2010-0685 can allow an attacker to inject arbitrary strings into the dialplan, possibly leading to unauthorized access or control over the Asterisk system.
Which versions of Asterisk are affected by CVE-2010-0685?
CVE-2010-0685 affects Asterisk versions 1.2.x, 1.4.x, and 1.6.x, along with certain versions of Asterisk Business Edition.
How do I mitigate CVE-2010-0685?
To mitigate CVE-2010-0685, upgrade to a patched version of Asterisk that addresses this vulnerability.
Is CVE-2010-0685 a critical vulnerability?
CVE-2010-0685 is classified as a significant vulnerability due to its potential to manipulate dialplan execution.
What is the recommended action for users of Asterisk affected by CVE-2010-0685?
Asterisk users should immediately upgrade to the latest version that includes fixes for CVE-2010-0685 to protect against potential exploitation.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/references
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/softwarecombine
agent/tags
vendor/digium
canonical/asterisk
version/asterisk/1.2.0
version/asterisk/1.2.0-beta1
version/asterisk/1.2.0-beta2
version/asterisk/1.2.0-rc1
version/asterisk/1.2.0-rc2
version/asterisk/1.2.1
version/asterisk/1.2.2
version/asterisk/1.2.2-netsec
version/asterisk/1.2.3
version/asterisk/1.2.3-netsec
version/asterisk/1.2.6
version/asterisk/1.2.7
version/asterisk/1.2.8
version/asterisk/1.2.9
version/asterisk/1.2.10
version/asterisk/1.2.10-netsec
version/asterisk/1.2.11
version/asterisk/1.2.11-netsec
version/asterisk/1.2.12
version/asterisk/1.2.12-netsec
version/asterisk/1.2.12.1
version/asterisk/1.2.12.1-netsec
version/asterisk/1.2.13
version/asterisk/1.2.13-netsec
version/asterisk/1.2.14
version/asterisk/1.2.15
version/asterisk/1.2.15-netsec
version/asterisk/1.2.16
version/asterisk/1.2.16-netsec
version/asterisk/1.2.17
version/asterisk/1.2.17-netsec
version/asterisk/1.2.18
version/asterisk/1.2.18-netsec
version/asterisk/1.2.19
version/asterisk/1.2.19-netsec
version/asterisk/1.2.20
version/asterisk/1.2.20-netsec
version/asterisk/1.2.21
version/asterisk/1.2.21-netsec
version/asterisk/1.2.21.1
version/asterisk/1.2.21.1-netsec
version/asterisk/1.2.22
version/asterisk/1.2.22-netsec
version/asterisk/1.2.23
version/asterisk/1.2.23-netsec
version/asterisk/1.2.24
version/asterisk/1.2.24-netsec
version/asterisk/1.2.25
version/asterisk/1.2.25-netsec
version/asterisk/1.2.26
version/asterisk/1.2.26-netsec
version/asterisk/1.2.26.1
version/asterisk/1.2.26.1-netsec
version/asterisk/1.2.26.2
version/asterisk/1.2.26.2-netsec
version/asterisk/1.2.27
version/asterisk/1.2.28
version/asterisk/1.2.28.1
version/asterisk/1.2.29
version/asterisk/1.2.30
version/asterisk/1.2.30.1
version/asterisk/1.2.30.2
version/asterisk/1.2.30.3
version/asterisk/1.2.30.4
version/asterisk/1.2.31
version/asterisk/1.2.31.1
version/asterisk/1.2.32
version/asterisk/1.2.33
version/asterisk/1.2.34
version/asterisk/1.2.35
version/asterisk/1.2.36
version/asterisk/1.4.0
version/asterisk/1.4.1
version/asterisk/1.4.2
version/asterisk/1.4.3
version/asterisk/1.4.4
version/asterisk/1.4.5
version/asterisk/1.4.6
version/asterisk/1.4.7
version/asterisk/1.4.8
version/asterisk/1.4.9
version/asterisk/1.4.10
version/asterisk/1.4.11
version/asterisk/1.4.12
version/asterisk/1.4.13
version/asterisk/1.4.14
version/asterisk/1.4.15
version/asterisk/1.4.16
version/asterisk/1.4.17
version/asterisk/1.4.18
version/asterisk/1.4.19
version/asterisk/1.4.20
version/asterisk/1.4.21
version/asterisk/1.4.22
version/asterisk/1.4.23
version/asterisk/1.4.24
version/asterisk/1.4.25
version/asterisk/1.4.26
version/asterisk/1.4.27
version/asterisk/1.6.0
version/asterisk/1.6.1
version/asterisk/1.6.1.0
version/asterisk/1.6.2.0
version/asterisk/b.1.3.2
version/asterisk/b.1.3.3
version/asterisk/b.2.2.0
version/asterisk/b.2.2.1
version/asterisk/b.2.3.1
version/asterisk/b.2.3.2
version/asterisk/b.2.3.3
version/asterisk/b.2.3.4
version/asterisk/b.2.3.5
version/asterisk/b.2.3.6
version/asterisk/b.2.5.0
version/asterisk/b.2.5.1
version/asterisk/b.2.5.2
version/asterisk/b.2.5.3
version/asterisk/c.1.0-beta7
version/asterisk/c.1.0-beta8
version/asterisk/c.1.6
version/asterisk/c.1.6.1
version/asterisk/c.1.6.2
version/asterisk/c.1.8.0
version/asterisk/c.1.8.1
version/asterisk/c.2.3
version/asterisk/c.3.0

CVE-2010-0685

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What are the consequences of exploiting CVE-2010-0685?

Which versions of Asterisk are affected by CVE-2010-0685?

How do I mitigate CVE-2010-0685?

Is CVE-2010-0685 a critical vulnerability?

What is the recommended action for users of Asterisk affected by CVE-2010-0685?

Company

Resources

Contact

Frequently Asked Questions

What are the consequences of exploiting CVE-2010-0685?

Which versions of Asterisk are affected by CVE-2010-0685?

How do I mitigate CVE-2010-0685?

Is CVE-2010-0685 a critical vulnerability?

What is the recommended action for users of Asterisk affected by CVE-2010-0685?