Lucene search
HistorySep 08, 2009 - 6:30 p.m.
CVE-2009-2346
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
6.4 Medium
AI Score
Confidence
Low
0.966 High
EPSS
Percentile
99.6%
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
Affected configurations
Node
asteriskasteriskMatchb.1.3.2business
ORasteriskasteriskMatchb.1.3.3business
ORasteriskasteriskMatchb.2.2.0business
ORasteriskasteriskMatchb.2.2.1business
ORasteriskasteriskMatchb.2.3.1business
ORasteriskasteriskMatchb.2.3.2business
ORasteriskasteriskMatchb.2.3.3business
ORasteriskasteriskMatchb.2.3.4business
ORasteriskasteriskMatchb.2.3.5business
ORasteriskasteriskMatchb.2.3.6business
ORasteriskasteriskMatchb.2.5.1business
ORasteriskasteriskMatchb.2.5.3business
ORasteriskasteriskMatchb.2.5.4business
ORasteriskasteriskMatchb.2.5.5business
ORasteriskasteriskMatchb.2.5.6business
ORasteriskasteriskMatchb.2.5.8business
ORasteriskasteriskMatchb.2.5.9business
ORasteriskasteriskMatchc.1.0_beta7business
ORasteriskasteriskMatchc.1.0_beta8business
ORasteriskasteriskMatchc.1.6business
ORasteriskasteriskMatchc.1.6.1business
ORasteriskasteriskMatchc.1.6.2business
ORasteriskasteriskMatchc.1.8.1business
ORasteriskasteriskMatchc.1.10.3business
ORasteriskasteriskMatchc.1.10.4business
ORasteriskasteriskMatchc.1.10.5business
ORasteriskasteriskMatchc.2.1.2.1business
ORasteriskasteriskMatchc.2.3business
ORasteriskasteriskMatchc.2.3.3business
ORasteriskasteriskMatchc.2.4.2business
ORasteriskasteriskMatchc.3.1.0business
ORasteriskopen_sourceMatch1.2.0
ORasteriskopen_sourceMatch1.2.0beta1
ORasteriskopen_sourceMatch1.2.0beta2
ORasteriskopen_sourceMatch1.2.0rc1
ORasteriskopen_sourceMatch1.2.0rc2
ORasteriskopen_sourceMatch1.2.1
ORasteriskopen_sourceMatch1.2.2
ORasteriskopen_sourceMatch1.2.2netsec
ORasteriskopen_sourceMatch1.2.3
ORasteriskopen_sourceMatch1.2.3netsec
ORasteriskopen_sourceMatch1.2.4
ORasteriskopen_sourceMatch1.2.4netsec
ORasteriskopen_sourceMatch1.2.5
ORasteriskopen_sourceMatch1.2.5netsec
ORasteriskopen_sourceMatch1.2.6
ORasteriskopen_sourceMatch1.2.6netsec
ORasteriskopen_sourceMatch1.2.7
ORasteriskopen_sourceMatch1.2.7netsec
ORasteriskopen_sourceMatch1.2.7.1
ORasteriskopen_sourceMatch1.2.7.1netsec
ORasteriskopen_sourceMatch1.2.8
ORasteriskopen_sourceMatch1.2.8netsec
ORasteriskopen_sourceMatch1.2.9
ORasteriskopen_sourceMatch1.2.9.1
ORasteriskopen_sourceMatch1.2.9.1netsec
ORasteriskopen_sourceMatch1.2.10
ORasteriskopen_sourceMatch1.2.10netsec
ORasteriskopen_sourceMatch1.2.11
ORasteriskopen_sourceMatch1.2.11netsec
ORasteriskopen_sourceMatch1.2.12
ORasteriskopen_sourceMatch1.2.12netsec
ORasteriskopen_sourceMatch1.2.12.1
ORasteriskopen_sourceMatch1.2.12.1netsec
ORasteriskopen_sourceMatch1.2.13
ORasteriskopen_sourceMatch1.2.13netsec
ORasteriskopen_sourceMatch1.2.14
ORasteriskopen_sourceMatch1.2.14netsec
ORasteriskopen_sourceMatch1.2.15
ORasteriskopen_sourceMatch1.2.15netsec
ORasteriskopen_sourceMatch1.2.16
ORasteriskopen_sourceMatch1.2.16netsec
ORasteriskopen_sourceMatch1.2.17
ORasteriskopen_sourceMatch1.2.17netsec
ORasteriskopen_sourceMatch1.2.18
ORasteriskopen_sourceMatch1.2.18netsec
ORasteriskopen_sourceMatch1.2.19
ORasteriskopen_sourceMatch1.2.19netsec
ORasteriskopen_sourceMatch1.2.20
ORasteriskopen_sourceMatch1.2.20netsec
ORasteriskopen_sourceMatch1.2.21
ORasteriskopen_sourceMatch1.2.21netsec
ORasteriskopen_sourceMatch1.2.21.1
ORasteriskopen_sourceMatch1.2.21.1netsec
ORasteriskopen_sourceMatch1.2.22
ORasteriskopen_sourceMatch1.2.22netsec
ORasteriskopen_sourceMatch1.2.23
ORasteriskopen_sourceMatch1.2.23netsec
ORasteriskopen_sourceMatch1.2.24
ORasteriskopen_sourceMatch1.2.24netsec
ORasteriskopen_sourceMatch1.2.25
ORasteriskopen_sourceMatch1.2.25netsec
ORasteriskopen_sourceMatch1.2.26
ORasteriskopen_sourceMatch1.2.26netsec
ORasteriskopen_sourceMatch1.2.26.1
ORasteriskopen_sourceMatch1.2.26.1netsec
ORasteriskopen_sourceMatch1.2.26.2
ORasteriskopen_sourceMatch1.2.26.2netsec
ORasteriskopen_sourceMatch1.2.27
ORasteriskopen_sourceMatch1.2.28
ORasteriskopen_sourceMatch1.2.29
ORasteriskopen_sourceMatch1.2.30
ORasteriskopen_sourceMatch1.2.30.2
ORasteriskopen_sourceMatch1.2.30.3
ORasteriskopen_sourceMatch1.2.30.4
ORasteriskopen_sourceMatch1.2.31
ORasteriskopen_sourceMatch1.2.32
ORasteriskopen_sourceMatch1.2.33
ORasteriskopen_sourceMatch1.2.34
ORasteriskopen_sourceMatch1.4.0
ORasteriskopen_sourceMatch1.4.0beta2
ORasteriskopen_sourceMatch1.4.0beta3
ORasteriskopen_sourceMatch1.4.0beta4
ORasteriskopen_sourceMatch1.4.1
ORasteriskopen_sourceMatch1.4.2
ORasteriskopen_sourceMatch1.4.3
ORasteriskopen_sourceMatch1.4.4
ORasteriskopen_sourceMatch1.4.5
ORasteriskopen_sourceMatch1.4.6
ORasteriskopen_sourceMatch1.4.7
ORasteriskopen_sourceMatch1.4.7.1
ORasteriskopen_sourceMatch1.4.8
ORasteriskopen_sourceMatch1.4.9
ORasteriskopen_sourceMatch1.4.10
ORasteriskopen_sourceMatch1.4.10.1
ORasteriskopen_sourceMatch1.4.11
ORasteriskopen_sourceMatch1.4.12
ORasteriskopen_sourceMatch1.4.12.1
ORasteriskopen_sourceMatch1.4.13
ORasteriskopen_sourceMatch1.4.14
ORasteriskopen_sourceMatch1.4.15
ORasteriskopen_sourceMatch1.4.16
ORasteriskopen_sourceMatch1.4.16.1
ORasteriskopen_sourceMatch1.4.16.2
ORasteriskopen_sourceMatch1.4.17
ORasteriskopen_sourceMatch1.4.18
ORasteriskopen_sourceMatch1.4.18.1
ORasteriskopen_sourceMatch1.4.19
ORasteriskopen_sourceMatch1.4.19rc-2
ORasteriskopen_sourceMatch1.4.19rc1
ORasteriskopen_sourceMatch1.4.19rc2
ORasteriskopen_sourceMatch1.4.19rc3
ORasteriskopen_sourceMatch1.4.19rc4
ORasteriskopen_sourceMatch1.4.19.1
ORasteriskopen_sourceMatch1.4.19.2
ORasteriskopen_sourceMatch1.4.20
ORasteriskopen_sourceMatch1.4.20rc1
ORasteriskopen_sourceMatch1.4.20rc2
ORasteriskopen_sourceMatch1.4.20rc3
ORasteriskopen_sourceMatch1.4.21
ORasteriskopen_sourceMatch1.4.21rc1
ORasteriskopen_sourceMatch1.4.21rc2
ORasteriskopen_sourceMatch1.4.21.1
ORasteriskopen_sourceMatch1.4.21.2
ORasteriskopen_sourceMatch1.4.22
ORasteriskopen_sourceMatch1.4.22rc3
ORasteriskopen_sourceMatch1.4.22rc4
ORasteriskopen_sourceMatch1.4.22.1
ORasteriskopen_sourceMatch1.4.22.2
ORasteriskopen_sourceMatch1.4.23
ORasteriskopen_sourceMatch1.4.23rc1
ORasteriskopen_sourceMatch1.4.23rc2
ORasteriskopen_sourceMatch1.4.23rc3
ORasteriskopen_sourceMatch1.4beta
ORasteriskopen_sourceMatch1.6.0beta1
ORasteriskopen_sourceMatch1.6.0beta2
ORasteriskopen_sourceMatch1.6.0beta3
ORasteriskopen_sourceMatch1.6.0beta4
ORasteriskopen_sourceMatch1.6.0beta5
ORasteriskopen_sourceMatch1.6.0beta7
ORasteriskopen_sourceMatch1.6.0beta7.1
ORasteriskopen_sourceMatch1.6.0beta8
ORasteriskopen_sourceMatch1.6.0beta9
ORasteriskopen_sourceMatch1.6.0rc4
ORasteriskopen_sourceMatch1.6.0rc5
ORasteriskopen_sourceMatch1.6.0rc6
ORasteriskopen_sourceMatch1.6.0.1
ORasteriskopen_sourceMatch1.6.0.2
ORasteriskopen_sourceMatch1.6.0.3
ORasteriskopen_sourceMatch1.6.0.3rc1
ORasteriskopen_sourceMatch1.6.1
ORasteriskopen_sourceMatch1.6.1.0rc1
ORasteriskopen_sourceMatch1.6.1.0rc2
ORasteriskopen_sourceMatch1.6.1.4
ORasteriskopen_sourceMatch1.6.1.5
ORasteriskopensourceMatch1.4.23.2
ORasteriskopensourceMatch1.4.24
ORasteriskopensourceMatch1.4.24.1
ORasteriskopensourceMatch1.4.26
ORasteriskopensourceMatch1.4.26.1
ORasteriskappliance_s800iMatch1.3
ORasteriskappliance_s800iMatch1.3.0.2
Related
cve
cve
CVE-2009-2346
2009-09-08 18:30:00
CVE-2008-3263
2008-07-22 23:41:00
cvelist
cvelist
CVE-2009-2346
2009-09-08 18:00:00
CVE-2008-3263
2008-07-22 23:00:00
ubuntucve
ubuntucve
CVE-2009-2346
2009-09-08 00:00:00
CVE-2008-3263
2008-07-22 00:00:00
debiancve
debiancve
CVE-2009-2346
2009-09-08 18:30:00
CVE-2008-3263
2008-07-22 23:41:00
prion
prion
Sql injection
2009-09-08 18:30:00
Design/Logic Flaw
2008-07-22 23:41:00
openvas
openvas
Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (AST-2009-006)
2009-09-18 00:00:00
Fedora Core 11 FEDORA-2009-9405 (asterisk)
2009-09-28 00:00:00
Fedora Core 11 FEDORA-2009-9405 (asterisk)
2009-09-28 00:00:00
nessus
nessus
Asterisk IAX2 (IAX) POKE Request Saturation Resource Exhaustion Remote DoS
2008-07-25 00:00:00
Asterisk IAX2 Call Number Exhaustion DoS
2009-09-08 00:00:00
Fedora 11 : asterisk-1.6.1.6-1.fc11 (2009-9405)
2009-09-28 00:00:00
securityvulns
securityvulns
Asterisk IAX2 DoS
2009-09-04 00:00:00
AST-2009-006: IAX2 Call Number Resource Exhaustion
2009-09-04 00:00:00
AST-2008-010: Asterisk IAX 'POKE' resource exhaustion
2008-07-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk IAX2 POKE Request Denial of Service (CVE-2008-3263)
2013-01-07 00:00:00
Digium Asterisk IAX2 Call Number Denial Of Service (CVE-2009-2346)
2010-03-03 00:00:00
nvd
nvd
CVE-2008-3263
2008-07-22 23:41:00
fedora
fedora
[SECURITY] Fedora 11 Update: asterisk-1.6.1.6-1.fc11
2009-09-25 20:10:23
[SECURITY] Fedora 8 Update: asterisk-1.4.21.2-1.fc8
2008-07-24 02:11:44
[SECURITY] Fedora 9 Update: asterisk-1.6.0-0.19.beta9.fc9
2008-07-30 20:07:58
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2010-06-04 00:00:00
Asterisk: Multiple vulnerabilities
2009-05-02 00:00:00
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
6.4 Medium
AI Score
Confidence
Low
0.966 High
EPSS
Percentile
99.6%
Related for NVD:CVE-2009-2346