CVE-2008-3263
6.4 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.966 High
EPSS
Percentile
99.6%
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
References
downloads.digium.com/pub/security/AST-2008-010.html
downloads.securityfocus.com/vulnerabilities/exploits/30321.pl
secunia.com/advisories/31178
secunia.com/advisories/31194
secunia.com/advisories/34982
security.gentoo.org/glsa/glsa-200905-01.xml
www.securityfocus.com/archive/1/494675/100/0/threaded
www.securityfocus.com/bid/30321
www.securitytracker.com/id?1020535
www.vupen.com/english/advisories/2008/2168/references
exchange.xforce.ibmcloud.com/vulnerabilities/43942
www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html
Social References
More
Related
6.4 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.966 High
EPSS
Percentile
99.6%