Vulnerability Details : CVE-2007-1595
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
Products affected by CVE-2007-1595
- cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1595
3.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1595
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2007-1595
-
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
404 Page Not Found | SUSE
-
http://www.securityfocus.com/bid/23155
-
http://svn.digium.com/view/asterisk?rev=59073&view=rev
404 Not FoundPatch
-
http://bugs.digium.com/view.php?id=9316
Vendor Advisory
-
http://www.vupen.com/english/advisories/2007/1123
Site en construction
Jump to