CVE-2022-26651
Published Apr 15, 2022
Last updated 2 years ago
Overview
- Description
- An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1533FF1D-ABC5-4F45-8FB4-7441C03422F4",
"versionEndExcluding": "16.25.2",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
"versionEndExcluding": "18.11.2",
"versionStartIncluding": "18.0"
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FD25061-F1D0-4849-9905-CB4AEDC59363",
"versionEndExcluding": "19.3.2",
"versionStartIncluding": "19.0.0"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B416D491-F0D0-4F9E-BEE0-236D9FFF03FE"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A21DB030-7BE3-4ED0-8212-7FACC715136F"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BF4E88F-5400-4B79-ADBA-ECED941AF092"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21C227EC-7084-4F08-AA04-271DB4561823"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30"
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
],
"operator": "OR"
}
]
}
]