High severity8.8NVD Advisory· Published Sep 26, 2017· Updated May 13, 2026

CVE-2017-14001

Description

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

Affected products

Digium/Asterisk Gui
cpe:2.3:a:digium:asterisk_gui:*:*:*:*:*:*:*:*
Range: <=2.1.0
N/a/Digium Asterisk Guiv5
Range: Digium Asterisk GUI

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/100950nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-17-264-03nvdThird Party AdvisoryUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000