Unrated severityNVD Advisory· Published Aug 31, 2012· Updated Apr 29, 2026

CVE-2012-2186

Description

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.

Affected products

116

Asterisk/Business Edition2 versions
cpe:2.3:a:asterisk:business_edition:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:asterisk:business_edition:*:*:*:*:*:*:*:*range: <=c.3.7.5
- cpe:2.3:a:asterisk:business_edition:c.3.0:*:*:*:*:*:*:*
Asterisk/Certified Asterisk6 versions
cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*
- cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:certified_asterisk:*:cert5:*:*:*:*:*:*range: <=1.8.11
Asterisk/Digiumphones
cpe:2.3:a:asterisk:digiumphones:*:*:*:*:*:*:*:*
Range: <=10.7.0
Asterisk/Opensource106 versions
cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*+ 105 more
- cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*
Freepbx/Asterisk
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
Range: <=1.8.15.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

downloads.asterisk.org/pub/security/AST-2012-012.htmlnvdPatchVendor Advisory
secunia.com/advisories/50687nvd
secunia.com/advisories/50756nvd
www.debian.org/security/2012/dsa-2550nvd
www.securitytracker.com/idnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000