CVE-2022-26651

Published Apr 15, 2022

Last updated 3 months ago

CVSS critical 9.8

Overview

Description: An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1533FF1D-ABC5-4F45-8FB4-7441C03422F4",
            "versionEndExcluding": "16.25.2",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
            "versionEndExcluding": "18.11.2",
            "versionStartIncluding": "18.0"
          },
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FD25061-F1D0-4849-9905-CB4AEDC59363",
            "versionEndExcluding": "19.3.2",
            "versionStartIncluding": "19.0.0"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B416D491-F0D0-4F9E-BEE0-236D9FFF03FE"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21DB030-7BE3-4ED0-8212-7FACC715136F"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BF4E88F-5400-4B79-ADBA-ECED941AF092"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21C227EC-7084-4F08-AA04-271DB4561823"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References