CVE-2017-14001
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-14001
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Digium Asterisk GUI 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Digium Asterisk GUI是美国Digium公司的一款用于配置图形用户界面的框架。 Digium Asterisk GUI 2.1.0及之前的版本中存在操作系统命令注入漏洞,该漏洞源于程序没有正确的过滤用户提交的输入。远程攻击者可利用该漏洞在系统上执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Digium Asterisk GUI | Digium Asterisk GUI | - |
II. Public POCs for CVE-2017-14001
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-14001
请登录查看更多情报信息。
- https://ics-cert.us-cert.gov/advisories/ICSA-17-264-03x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-14001
Same Patch Batch · n/a · 2017-09-26 · 25 CVEs total
| CVE-2017-14602 | Citrix Systems NetScaler Application Delivery Controller和NetScaler Gateway 安全漏洞 | |
| CVE-2017-14737 | Botan 安全漏洞 | |
| CVE-2017-14741 | ImageMagick 输入验证漏洞 | |
| CVE-2017-14739 | ImageMagick 代码问题漏洞 | |
| CVE-2017-12154 | Linux kernel 资料不足漏洞 | |
| CVE-2017-1000252 | Linux kernel KVM子系统输入验证错误漏洞 | |
| CVE-2017-14744 | Baidu UEditor 跨站脚本漏洞 | |
| CVE-2017-14743 | Faleemi FSC-880 SQL注入漏洞 | |
| CVE-2017-14703 | Cash Back Comparison Script SQL注入漏洞 | |
| CVE-2017-5200 | SaltStack Salt 安全漏洞 | |
| CVE-2017-5192 | SaltStack Salt 安全漏洞 | |
| CVE-2017-14704 | Claydip Laravel Airbnb Clone 安全漏洞 | |
| CVE-2017-14751 | WordPress WP Jobs插件跨站脚本漏洞 | |
| CVE-2017-13129 | ZKTeco ZKTime Web 跨站请求伪造漏洞 | |
| CVE-2015-5070 | Wesnoth 信息泄露漏洞 | |
| CVE-2015-5069 | Wesnoth 信息泄露漏洞 | |
| CVE-2015-0874 | Ogaki Kyoritsu bank Smartphone Passbook 安全漏洞 | |
| CVE-2015-7670 | WordPress Support Ticket System SQL注入漏洞 | |
| CVE-2015-7391 | TestLink 跨站脚本漏洞 | |
| CVE-2015-7390 | TestLink SQL注入漏洞 |
Showing top 20 of 25 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-78
V. Comments for CVE-2017-14001
No comments yet