CVE-2017-14001

HIGH

Digium Asterisk GUI <2.1.0 - Code Injection

Title source: llm

Description

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

References (2)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-03
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100950

Scores

CVSS v3 8.8
EPSS 0.0645
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
digium/asterisk_gui < 2.1.0
n/a/Digium Asterisk GUI Digium Asterisk GUI
Published Sep 26, 2017
Tracked Since Feb 18, 2026