VDB
CVE-2007-1595
CVE-2007-1595
PUBLISHED
CVSS 7.5 HIGH
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
EPSS 0.85% · 75.2th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
0.85%
75.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| asterisk | asterisk | 1.2.13 |
Timeline
- Mar 22, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- http://svn.digium.com/view/asterisk?rev=59073&view=rev patch
- http://bugs.digium.com/view.php?id=9316 advisory
- http://secunia.com/advisories/24694 technical
- http://secunia.com/advisories/25582 technical
- 23155 vdb
- SUSE-SA:2007:034 vendor-advisory
- ADV-2007-1123 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2007-1595 advisory