CVE-2014-8418 (retired)

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x
before, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified
Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote
authenticated users to gain privileges via a call from an external
protocol, as demonstrated by the AMI protocol.
Upstream:released (,11.14.1, 12.7.1, 13.0.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1:13.1.0~dfsg-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1:13.1.0~dfsg-1ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1:13.1.0~dfsg-1ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (1:13.1.0~dfsg-1ubuntu1)
Ubuntu 19.10 (Eoan):not-affected (1:13.1.0~dfsg-1ubuntu1)
Upstream: (1.8)
Upstream: (11)
Upstream: (13)
More Information

Updated: 2019-04-26 14:33:57 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)