CVE-2012-2186
NONE EPSS 87.9%
Published Aug 31, 2012 13y ago
Last Modified Jun 16, 2026 2w ago
Description
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
Threat Intelligence
EPSS Exploit Probability
87.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 117
| Vendor | Product | Version | Range |
|---|---|---|---|
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.0 | any |
| asterisk | open_source | 1.8.1 | any |
| asterisk | open_source | 1.8.1 | any |
| asterisk | open_source | 1.8.1.1 | any |
| asterisk | open_source | 1.8.1.2 | any |
| asterisk | open_source | 1.8.2 | any |
| asterisk | open_source | 1.8.2 | any |
| asterisk | open_source | 1.8.2.1 | any |
| asterisk | open_source | 1.8.2.2 | any |
| asterisk | open_source | 1.8.2.3 | any |
| asterisk | open_source | 1.8.2.4 | any |
| asterisk | open_source | 1.8.3 | any |
| asterisk | open_source | 1.8.3 | any |
| asterisk | open_source | 1.8.3 | any |
| asterisk | open_source | 1.8.3 | any |
| asterisk | open_source | 1.8.3.1 | any |
| asterisk | open_source | 1.8.3.2 | any |
| asterisk | open_source | 1.8.3.3 | any |
| asterisk | open_source | 1.8.4 | any |
| asterisk | open_source | 1.8.4 | any |
| asterisk | open_source | 1.8.4 | any |
| asterisk | open_source | 1.8.4 | any |
| asterisk | open_source | 1.8.4.1 | any |
| asterisk | open_source | 1.8.4.2 | any |
| asterisk | open_source | 1.8.4.3 | any |
| asterisk | open_source | 1.8.4.4 | any |
| asterisk | open_source | 1.8.5 | any |
| asterisk | open_source | 1.8.5.0 | any |
| asterisk | open_source | 1.8.6.0 | any |
| asterisk | open_source | 1.8.6.0 | any |
| asterisk | open_source | 1.8.6.0 | any |
| asterisk | open_source | 1.8.6.0 | any |
| asterisk | open_source | 1.8.7 | any |
| asterisk | open_source | 1.8.7.0 | any |
| asterisk | open_source | 1.8.7.0 | any |
| asterisk | open_source | 1.8.7.0 | any |
| asterisk | open_source | 1.8.7.1 | any |
| asterisk | open_source | 1.8.7.2 | any |
| asterisk | open_source | 1.8.8.0 | any |
| asterisk | open_source | 1.8.8.0 | any |
| asterisk | open_source | 1.8.8.0 | any |
| asterisk | open_source | 1.8.8.0 | any |
| asterisk | open_source | 1.8.8.0 | any |
| asterisk | open_source | 1.8.8.0 | any |
| asterisk | open_source | 1.8.8.1 | any |
| asterisk | open_source | 1.8.8.2 | any |
| asterisk | open_source | 1.8.9.0 | any |
| asterisk | open_source | 1.8.9.0 | any |
| asterisk | open_source | 1.8.9.0 | any |
| asterisk | open_source | 1.8.9.0 | any |
| asterisk | open_source | 1.8.9.1 | any |
| asterisk | open_source | 1.8.9.2 | any |
| asterisk | open_source | 1.8.9.3 | any |
| asterisk | open_source | 1.8.10.0 | any |
| asterisk | open_source | 1.8.10.0 | any |
| asterisk | open_source | 1.8.10.0 | any |
| asterisk | open_source | 1.8.10.0 | any |
| asterisk | open_source | 1.8.10.0 | any |
| asterisk | open_source | 1.8.10.1 | any |
| asterisk | open_source | 1.8.11.0 | any |
| asterisk | open_source | 1.8.11.0 | any |
| asterisk | open_source | 1.8.11.0 | any |
| asterisk | open_source | 1.8.11.1 | any |
| asterisk | open_source | 1.8.12 | any |
| asterisk | open_source | 1.8.12.0 | any |
| asterisk | open_source | 1.8.12.0 | any |
| asterisk | open_source | 1.8.12.0 | any |
| asterisk | open_source | 1.8.12.0 | any |
| sangoma | asterisk | * | ≤1.8.15.0 |
| asterisk | open_source | 10.0.0 | any |
| asterisk | open_source | 10.0.0 | any |
| asterisk | open_source | 10.0.0 | any |
| asterisk | open_source | 10.0.0 | any |
| asterisk | open_source | 10.0.0 | any |
| asterisk | open_source | 10.0.0 | any |
| asterisk | open_source | 10.0.1 | any |
| asterisk | open_source | 10.1.0 | any |
| asterisk | open_source | 10.1.0 | any |
| asterisk | open_source | 10.1.0 | any |
| asterisk | open_source | 10.1.1 | any |
| asterisk | open_source | 10.1.2 | any |
| asterisk | open_source | 10.1.3 | any |
| asterisk | open_source | 10.2.0 | any |
| asterisk | open_source | 10.2.0 | any |
| asterisk | open_source | 10.2.0 | any |
| asterisk | open_source | 10.2.0 | any |
| asterisk | open_source | 10.2.0 | any |
| asterisk | open_source | 10.2.1 | any |
| asterisk | open_source | 10.3 | any |
| asterisk | open_source | 10.3.0 | any |
| asterisk | open_source | 10.3.0 | any |
| asterisk | open_source | 10.3.0 | any |
| asterisk | open_source | 10.3.1 | any |
| asterisk | open_source | 10.4.0 | any |
| asterisk | open_source | 10.4.0 | any |
| asterisk | open_source | 10.4.0 | any |
| asterisk | open_source | 10.4.0 | any |
| sangoma | asterisk | * | ≤10.7.0 |
| asterisk | certified_asterisk | * | ≤1.8.11 |
| asterisk | certified_asterisk | 1.8.11 | any |
| asterisk | certified_asterisk | 1.8.11 | any |
| asterisk | certified_asterisk | 1.8.11 | any |
| asterisk | certified_asterisk | 1.8.11 | any |
| asterisk | certified_asterisk | 1.8.11 | any |
| asterisk | digiumphones | * | ≤10.7.0 |
| asterisk | business_edition | * | ≤c.3.7.5 |
| asterisk | business_edition | c.3.0 | any |
References 5
- downloads.asterisk.org http://downloads.asterisk.org/pub/security/AST-2012-012.html
- secunia.com http://secunia.com/advisories/50687
- secunia.com http://secunia.com/advisories/50756
- debian.org http://www.debian.org/security/2012/dsa-2550
- securitytracker.com http://www.securitytracker.com/id?1027460
Remediation
- downloads.asterisk.org http://downloads.asterisk.org/pub/security/AST-2012-012.html