Vulnerability Description
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Asterisk | 1.2.13 |
References
- http://bugs.digium.com/view.php?id=9316 (Vendor Advisory)
- http://secunia.com/advisories/24694
- http://secunia.com/advisories/25582
- http://svn.digium.com/view/asterisk?rev=59073&view=rev (Patch)
- http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
- http://www.securityfocus.com/bid/23155
- http://www.vupen.com/english/advisories/2007/1123
FAQ
What is CVE-2007-1595?
CVE-2007-1595 is a vulnerability with a CVSS score of 7.5 (HIGH). The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by sp...
How severe is CVE-2007-1595?
CVE-2007-1595 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-1595?
Check the references section above for vendor advisories and patch information. Affected products include: Asterisk Asterisk.