CVE-2008-5558

Published Dec 17, 2008

Last updated 10 days ago

CVSS info 4.3

Overview

Description: Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FCD865F-BC39-4255-A797-6E5945773337"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB3C2CF4-4A4B-4398-92DC-EAE43801D08A"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4956871-4DD3-4299-8BEB-9D98A4449A42"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F796D547-034A-46FB-B245-3863C198AA84"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F04F844-79C4-41F3-9671-8B46460D0AAE"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9562112-2505-4F78-86DE-F30EFAEE47D5"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EEA1E9C-C1FB-4EFD-86EA-DCF78C57FC35"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E20FAF7-9031-478E-A89C-D6FB3B5FDE3A"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72A840B4-216B-4063-997F-791FBC8C8658"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72375576-F857-4585-A677-A326D89A65B5"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51E5EB34-30AD-4E81-8BD4-4AB905E52B82"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4359322B-08D0-4710-A9C3-54BD4A17B800"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78F84DF4-DBA7-430C-AF17-F52024EF80D7"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34266614-3588-485C-A609-37823F8499AC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References