Lucene search

K
nvd[email protected]NVD:CVE-2007-6430
HistoryDec 20, 2007 - 2:46 a.m.

CVE-2007-6430

2007-12-2002:46:00
CWE-287
web.nvd.nist.gov
1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (β€œrealtime”) and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

Affected configurations

NVD
Node
asteriskasterisk_business_editionMatchb.1.3.2
OR
asteriskasterisk_business_editionMatchb.1.3.3
OR
asteriskasterisk_business_editionMatchb.2.2.0
OR
asteriskasterisk_business_editionMatchb.2.2.1
OR
asteriskasterisk_business_editionMatchb.2.3.1
OR
asteriskasterisk_business_editionMatchb.2.3.2
OR
asteriskasterisk_business_editionMatchb.2.3.3
OR
asteriskasterisk_business_editionMatchb.2.3.4
OR
asteriskasterisk_business_editionMatchc.1.0beta7
OR
asteriskopen_sourceMatch1.2.0beta1
OR
asteriskopen_sourceMatch1.2.0beta2
OR
asteriskopen_sourceMatch1.2.5
OR
asteriskopen_sourceMatch1.2.6
OR
asteriskopen_sourceMatch1.2.7
OR
asteriskopen_sourceMatch1.2.8
OR
asteriskopen_sourceMatch1.2.9
OR
asteriskopen_sourceMatch1.2.10
OR
asteriskopen_sourceMatch1.2.11
OR
asteriskopen_sourceMatch1.2.13
OR
asteriskopen_sourceMatch1.2.14
OR
asteriskopen_sourceMatch1.2.15
OR
asteriskopen_sourceMatch1.2.16
OR
asteriskopen_sourceMatch1.2.17
OR
asteriskopen_sourceMatch1.2.18
OR
asteriskopen_sourceMatch1.2.19
OR
asteriskopen_sourceMatch1.2.21
OR
asteriskopen_sourceMatch1.2.22
OR
asteriskopen_sourceMatch1.2.23
OR
asteriskopen_sourceMatch1.2.24
OR
asteriskopen_sourceMatch1.2.25
OR
asteriskopen_sourceMatch1.4.1
OR
asteriskopen_sourceMatch1.4.2
OR
asteriskopen_sourceMatch1.4.3
OR
asteriskopen_sourceMatch1.4.4
OR
asteriskopen_sourceMatch1.4.5
OR
asteriskopen_sourceMatch1.4.6
OR
asteriskopen_sourceMatch1.4.7
OR
asteriskopen_sourceMatch1.4.8
OR
asteriskopen_sourceMatch1.4.9
OR
asteriskopen_sourceMatch1.4.10
OR
asteriskopen_sourceMatch1.4.11
OR
asteriskopen_sourceMatch1.4.12
OR
asteriskopen_sourceMatch1.4.13
OR
asteriskopen_sourceMatch1.4.14
OR
asteriskopen_sourceMatch1.4.15
OR
asteriskopen_sourceMatch1.4beta

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%