Lucene search

[email protected]NVD:CVE-2008-1897

HistoryApr 23, 2008 - 4:05 p.m.

CVE-2008-1897

2008-04-2316:05:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

Low

EPSS

0.939

Percentile

99.1%

JSON

The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server’s reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.

Affected configurations

Nvd

Node

asteriskasterisk_appliance_developer_kitMatch0.2

asteriskasterisk_appliance_developer_kitMatch0.3

asteriskasterisk_appliance_developer_kitMatch0.4

asteriskasterisk_appliance_developer_kitMatch0.5

asteriskasterisk_appliance_developer_kitMatch0.6

asteriskasterisk_appliance_developer_kitMatch0.6.0

asteriskasterisk_appliance_developer_kitMatch0.7

asteriskasterisk_appliance_developer_kitMatch0.8

asteriskasterisk_business_editionRange≤b.2.5.1

asteriskasterisk_business_editionRange≤c1.8.0

asteriskasterisk_business_editionMatcha

asteriskasterisk_business_editionMatchb.1.3.2

asteriskasterisk_business_editionMatchb.1.3.3

asteriskasterisk_business_editionMatchb.2.2.0

asteriskasterisk_business_editionMatchb.2.2.1

asteriskasterisk_business_editionMatchb.2.3.1

asteriskasterisk_business_editionMatchb.2.3.2

asteriskasterisk_business_editionMatchb.2.3.3

asteriskasterisk_business_editionMatchb.2.3.4

asteriskasterisk_business_editionMatchb.2.3.6

asteriskasterisk_business_editionMatchb.2.5.0

asteriskasterisk_business_editionMatchc.1.0beta7

asteriskasterisk_business_editionMatchc.1.0beta8

asteriskasterisk_business_editionMatchc.1.6

asteriskasterisk_business_editionMatchc.1.6.1

asteriskasterisk_business_editionMatchc.1.6.2

asteriskasterisknowRange≤1.0.2

asteriskasterisknowMatch1.0

asteriskasterisknowMatch1.0.1

asteriskopen_sourceRange≤1.2.27

asteriskopen_sourceRange≤1.4.19

asteriskopen_sourceMatch1.0

asteriskopen_sourceMatch1.0rc1

asteriskopen_sourceMatch1.0rc2

asteriskopen_sourceMatch1.0.0

asteriskopen_sourceMatch1.0.1

asteriskopen_sourceMatch1.0.2

asteriskopen_sourceMatch1.0.3

asteriskopen_sourceMatch1.0.3.4

asteriskopen_sourceMatch1.0.4

asteriskopen_sourceMatch1.0.5

asteriskopen_sourceMatch1.0.6

asteriskopen_sourceMatch1.0.7

asteriskopen_sourceMatch1.0.8

asteriskopen_sourceMatch1.0.9

asteriskopen_sourceMatch1.0.11

asteriskopen_sourceMatch1.0.11patch

asteriskopen_sourceMatch1.0.11.1

asteriskopen_sourceMatch1.0.11.1patch

asteriskopen_sourceMatch1.0.12

asteriskopen_sourceMatch1.0.12patch

asteriskopen_sourceMatch1.2.0

asteriskopen_sourceMatch1.2.0beta1

asteriskopen_sourceMatch1.2.0beta2

asteriskopen_sourceMatch1.2.0rc1

asteriskopen_sourceMatch1.2.0rc2

asteriskopen_sourceMatch1.2.1

asteriskopen_sourceMatch1.2.2

asteriskopen_sourceMatch1.2.2netsec

asteriskopen_sourceMatch1.2.3

asteriskopen_sourceMatch1.2.3netsec

asteriskopen_sourceMatch1.2.4

asteriskopen_sourceMatch1.2.4netsec

asteriskopen_sourceMatch1.2.5

asteriskopen_sourceMatch1.2.5netsec

asteriskopen_sourceMatch1.2.6

asteriskopen_sourceMatch1.2.6netsec

asteriskopen_sourceMatch1.2.7

asteriskopen_sourceMatch1.2.7netsec

asteriskopen_sourceMatch1.2.7.1

asteriskopen_sourceMatch1.2.7.1netsec

asteriskopen_sourceMatch1.2.8

asteriskopen_sourceMatch1.2.8netsec

asteriskopen_sourceMatch1.2.9

asteriskopen_sourceMatch1.2.9.1

asteriskopen_sourceMatch1.2.9.1netsec

asteriskopen_sourceMatch1.2.10

asteriskopen_sourceMatch1.2.10netsec

asteriskopen_sourceMatch1.2.11

asteriskopen_sourceMatch1.2.11netsec

asteriskopen_sourceMatch1.2.12

asteriskopen_sourceMatch1.2.12netsec

asteriskopen_sourceMatch1.2.12.1

asteriskopen_sourceMatch1.2.12.1netsec

asteriskopen_sourceMatch1.2.13

asteriskopen_sourceMatch1.2.13netsec

asteriskopen_sourceMatch1.2.14

asteriskopen_sourceMatch1.2.14netsec

asteriskopen_sourceMatch1.2.15

asteriskopen_sourceMatch1.2.15netsec

asteriskopen_sourceMatch1.2.16

asteriskopen_sourceMatch1.2.16netsec

asteriskopen_sourceMatch1.2.17

asteriskopen_sourceMatch1.2.17netsec

asteriskopen_sourceMatch1.2.18

asteriskopen_sourceMatch1.2.18netsec

asteriskopen_sourceMatch1.2.19

asteriskopen_sourceMatch1.2.19netsec

asteriskopen_sourceMatch1.2.20

asteriskopen_sourceMatch1.2.20netsec

asteriskopen_sourceMatch1.2.21

asteriskopen_sourceMatch1.2.21netsec

asteriskopen_sourceMatch1.2.21.1

asteriskopen_sourceMatch1.2.21.1netsec

asteriskopen_sourceMatch1.2.22

asteriskopen_sourceMatch1.2.22netsec

asteriskopen_sourceMatch1.2.23

asteriskopen_sourceMatch1.2.23netsec

asteriskopen_sourceMatch1.2.24

asteriskopen_sourceMatch1.2.24netsec

asteriskopen_sourceMatch1.2.25

asteriskopen_sourceMatch1.2.25netsec

asteriskopen_sourceMatch1.2.26

asteriskopen_sourceMatch1.2.26netsec

asteriskopen_sourceMatch1.2.26.1

asteriskopen_sourceMatch1.2.26.1netsec

asteriskopen_sourceMatch1.2.26.2

asteriskopen_sourceMatch1.2.26.2netsec

asteriskopen_sourceMatch1.4.0

asteriskopen_sourceMatch1.4.0beta2

asteriskopen_sourceMatch1.4.0beta3

asteriskopen_sourceMatch1.4.0beta4

asteriskopen_sourceMatch1.4.1

asteriskopen_sourceMatch1.4.10

asteriskopen_sourceMatch1.4.10.1

asteriskopen_sourceMatch1.4.11

asteriskopen_sourceMatch1.4.12

asteriskopen_sourceMatch1.4.12.1

asteriskopen_sourceMatch1.4.13

asteriskopen_sourceMatch1.4.14

asteriskopen_sourceMatch1.4.15

asteriskopen_sourceMatch1.4.16

asteriskopen_sourceMatch1.4.16.1

asteriskopen_sourceMatch1.4.16.2

asteriskopen_sourceMatch1.4.17

asteriskopen_sourceMatch1.4.18

asteriskopen_sourceMatch1.4.18.1

asterisks800iRange≤1.1.0.2

asterisks800iMatch1.0

asterisks800iMatch1.0.1

asterisks800iMatch1.0.2

asterisks800iMatch1.0.3

asterisks800iMatch1.0.3.3

asterisks800iMatch1.1.0

asterisks800iMatch1.1.0.1

VendorProductVersionCPE
asteriskasterisk_appliance_developer_kit0.2cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*
asteriskasterisk_appliance_developer_kit0.3cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*
asteriskasterisk_appliance_developer_kit0.4cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*
asteriskasterisk_appliance_developer_kit0.5cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*
asteriskasterisk_appliance_developer_kit0.6cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*
asteriskasterisk_appliance_developer_kit0.6.0cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6.0:*:*:*:*:*:*:*
asteriskasterisk_appliance_developer_kit0.7cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*
asteriskasterisk_appliance_developer_kit0.8cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*
asteriskasterisk_business_edition*cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*
asteriskasterisk_business_editionacpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asterisk	asterisk_appliance_developer_kit	0.2	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:::::::*
asterisk	asterisk_appliance_developer_kit	0.3	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:::::::*
asterisk	asterisk_appliance_developer_kit	0.4	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:::::::*
asterisk	asterisk_appliance_developer_kit	0.5	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:::::::*
asterisk	asterisk_appliance_developer_kit	0.6	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:::::::*
asterisk	asterisk_appliance_developer_kit	0.6.0	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6.0:::::::*
asterisk	asterisk_appliance_developer_kit	0.7	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:::::::*
asterisk	asterisk_appliance_developer_kit	0.8	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:::::::*
asterisk	asterisk_business_edition	*	cpe:2.3:a:asterisk:asterisk_business_edition::::::::
asterisk	asterisk_business_edition	a	cpe:2.3:a:asterisk:asterisk_business_edition:a:::::::*