What is the severity of CVE-2014-8412?

CVE-2014-8412 has a severity rating that indicates a potential for remote attackers to bypass authentication and gain unauthorized access.

How do I fix CVE-2014-8412?

To fix CVE-2014-8412, update Asterisk to versions 1.8.32.1, 11.14.1, 12.7.1, or 13.0.1 or apply relevant patches.

Which versions of Asterisk are affected by CVE-2014-8412?

CVE-2014-8412 affects Asterisk Open Source versions prior to 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1.

Can CVE-2014-8412 be exploited remotely?

Yes, CVE-2014-8412 can be exploited remotely by attackers to bypass authentication mechanisms.

What components of Asterisk are impacted by CVE-2014-8412?

CVE-2014-8412 impacts the VoIP channel drivers, DUNDi, and Asterisk Manager Interface (AMI) within Asterisk.

Vulnerability/
CVE-2014-8412

medium

CWE

264

24/11/2014

6/8/2024

CVE-2014-8412

First published: Mon Nov 24 2014(Updated: )

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Digium Asterisk Appliance Developer Kit	=1.8.28-cert1
Digium Asterisk Appliance Developer Kit	=1.8.28-cert2
Digium Asterisk Appliance Developer Kit	=1.8.28.0
Digium Asterisk Appliance Developer Kit	=11.6-cert1
Digium Asterisk Appliance Developer Kit	=11.6-cert2
Digium Asterisk Appliance Developer Kit	=11.6-cert3
Digium Asterisk Appliance Developer Kit	=11.6-cert4
Digium Asterisk Appliance Developer Kit	=11.6-cert5
Digium Asterisk Appliance Developer Kit	=11.6-cert6
Digium Asterisk Appliance Developer Kit	=11.6-cert7
Digium Asterisk Appliance Developer Kit	=11.6.0
Asterisk	>=1.8.0<1.8.32.1
Asterisk	>=11.0.0<11.14.1
Asterisk	>=12.0.0<12.7.1
Asterisk	>=13.0.0<13.0.1

Never miss a vulnerability like this again

Reference Links

http://downloads.asterisk.org/pub/security/AST-2014-012.html

Frequently Asked Questions

What is the severity of CVE-2014-8412?
CVE-2014-8412 has a severity rating that indicates a potential for remote attackers to bypass authentication and gain unauthorized access.
How do I fix CVE-2014-8412?
To fix CVE-2014-8412, update Asterisk to versions 1.8.32.1, 11.14.1, 12.7.1, or 13.0.1 or apply relevant patches.
Which versions of Asterisk are affected by CVE-2014-8412?
CVE-2014-8412 affects Asterisk Open Source versions prior to 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1.
Can CVE-2014-8412 be exploited remotely?
Yes, CVE-2014-8412 can be exploited remotely by attackers to bypass authentication mechanisms.
What components of Asterisk are impacted by CVE-2014-8412?
CVE-2014-8412 impacts the VoIP channel drivers, DUNDi, and Asterisk Manager Interface (AMI) within Asterisk.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/author
agent/references
agent/last-modified-date
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/digium
canonical/digium asterisk appliance developer kit
version/digium asterisk appliance developer kit/1.8.28-cert1
version/digium asterisk appliance developer kit/1.8.28-cert2
version/digium asterisk appliance developer kit/1.8.28.0
version/digium asterisk appliance developer kit/11.6-cert1
version/digium asterisk appliance developer kit/11.6-cert2
version/digium asterisk appliance developer kit/11.6-cert3
version/digium asterisk appliance developer kit/11.6-cert4
version/digium asterisk appliance developer kit/11.6-cert5
version/digium asterisk appliance developer kit/11.6-cert6
version/digium asterisk appliance developer kit/11.6-cert7
version/digium asterisk appliance developer kit/11.6.0
canonical/asterisk
version/asterisk/1.8.0
version/asterisk/11.0.0
version/asterisk/12.0.0
version/asterisk/13.0.0