CVE-2017-14001

high

Published 2017-09-26 · Modified 2026-05-13

CVSS v3

8.8

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

9.0

VIR risk

8.8

Description

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
digium	asterisk_gui	`{"endIncluding":"2.1.0"}`

References

http://www.securityfocus.com/bid/100950
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-03
http://www.securityfocus.com/bid/100950
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-03

CWEs

CWE-78

Verify integrity in audit chain (admin only). AS-IS.