Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2010-1224

EPSS 1.00% · P77
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-1224

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Digium Asterisk CIDR绕过主机访问限制规则漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Asterisk是一款PBX系统的软件,运行在Linux系统上,支持使用SIP,IAX,H323协议进行IP通话。 Asterisk Open Source 中的main/acl.c 存在访问控制绕过漏洞。当permit= 和 deny= 规则配置中用到CIDR符号“/0”时,因为没有正确的强制远程主机的访问控制权限,造成不正确的运算移位,远程攻击者从未经授权的主机绕过ACL规则并访问服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2010-1224

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2010-1224

登录查看更多情报信息。

Same Patch Batch · n/a · 2010-04-01 · 48 CVEs total

CVE-2010-0837Oracle Java SE 和Business Java 组件'Pack200'未明安全漏洞
CVE-2010-0840Oracle Java SE和Java for Business Java运行时环境漏洞
CVE-2010-0842Oracle Java SE和Java for Business Sound组件未明安全漏洞
CVE-2010-0846Oracle Java SE和Java for Business ImageIO组件未明安全漏洞
CVE-2010-0847Oracle Java SE 和Business Java 组件'Java 2D'未明安全漏洞
CVE-2010-0848Oracle Java SE 和Business Java 组建'Java 2D'未明安全漏洞
CVE-2010-0849Oracle Java SE和Java for Business Java 2D组件未明安全漏洞
CVE-2010-0850Oracle Java SE 和Business Java平台Java 2D 组件未明漏洞
CVE-2010-0845Oracle Java SE 和Business Java 组件'HotSpot Server'未明安全漏洞
CVE-2010-0838Oracle Java SE和Java for Business Java 2D组件未明安全漏洞
CVE-2010-0839Oracle Java SE 和Business Java 组件'Sound'未明安全漏洞
CVE-2010-0095Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0094Oracle Java SE和Java for Business Java运行时环境漏洞
CVE-2010-0093Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0092Oracle Java SE和Java for Business JAVA运行时环境漏洞
CVE-2010-0091Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0090Oracle Java SE和Java for Business JAVA运行时环境漏洞
CVE-2010-0089Oracle Java SE 和Business Java 组件'Java Web Start, Java Plug-in'未明安全漏洞
CVE-2010-0088Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0087Oracle Java SE 和Business Java 组件'Java Web Start, Java Plug-in'未明安全漏洞

Showing top 20 of 48 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2010-1224

No comments yet

Leave a comment