Lucene search
HistoryJul 06, 2011 - 7:55 p.m.
CVE-2011-2666
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.4%
The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
Affected configurations
Node
digiumasteriskMatch1.6.2.0
ORdigiumasteriskMatch1.6.2.0rc2
ORdigiumasteriskMatch1.6.2.0rc3
ORdigiumasteriskMatch1.6.2.0rc4
ORdigiumasteriskMatch1.6.2.0rc5
ORdigiumasteriskMatch1.6.2.0rc6
ORdigiumasteriskMatch1.6.2.0rc7
ORdigiumasteriskMatch1.6.2.0rc8
ORdigiumasteriskMatch1.6.2.1
ORdigiumasteriskMatch1.6.2.1rc1
ORdigiumasteriskMatch1.6.2.2
ORdigiumasteriskMatch1.6.2.3rc2
ORdigiumasteriskMatch1.6.2.4
ORdigiumasteriskMatch1.6.2.5
ORdigiumasteriskMatch1.6.2.6
ORdigiumasteriskMatch1.6.2.6rc1
ORdigiumasteriskMatch1.6.2.6rc2
ORdigiumasteriskMatch1.6.2.15rc1
ORdigiumasteriskMatch1.6.2.16
ORdigiumasteriskMatch1.6.2.16rc1
ORdigiumasteriskMatch1.6.2.16.1
ORdigiumasteriskMatch1.6.2.16.2
ORdigiumasteriskMatch1.6.2.17
ORdigiumasteriskMatch1.6.2.17rc1
ORdigiumasteriskMatch1.6.2.17rc2
ORdigiumasteriskMatch1.6.2.17rc3
ORdigiumasteriskMatch1.6.2.17.1
ORdigiumasteriskMatch1.6.2.17.2
ORdigiumasteriskMatch1.6.2.17.3
ORdigiumasteriskMatch1.6.2.18
ORdigiumasteriskMatch1.6.2.18rc1
ORdigiumasteriskMatch1.6.2.18.1
ORdigiumasteriskMatch1.6.2.18.2
Node
digiumasteriskMatch1.4.0
ORdigiumasteriskMatch1.4.0beta1
ORdigiumasteriskMatch1.4.0beta2
ORdigiumasteriskMatch1.4.0beta3
ORdigiumasteriskMatch1.4.0beta4
ORdigiumasteriskMatch1.4.1
ORdigiumasteriskMatch1.4.2
ORdigiumasteriskMatch1.4.3
ORdigiumasteriskMatch1.4.4
ORdigiumasteriskMatch1.4.5
ORdigiumasteriskMatch1.4.6
ORdigiumasteriskMatch1.4.7
ORdigiumasteriskMatch1.4.7.1
ORdigiumasteriskMatch1.4.8
ORdigiumasteriskMatch1.4.9
ORdigiumasteriskMatch1.4.10
ORdigiumasteriskMatch1.4.10.1
ORdigiumasteriskMatch1.4.11
ORdigiumasteriskMatch1.4.12
ORdigiumasteriskMatch1.4.12.1
ORdigiumasteriskMatch1.4.13
ORdigiumasteriskMatch1.4.14
ORdigiumasteriskMatch1.4.15
ORdigiumasteriskMatch1.4.16
ORdigiumasteriskMatch1.4.16.1
ORdigiumasteriskMatch1.4.16.2
ORdigiumasteriskMatch1.4.17
ORdigiumasteriskMatch1.4.18
ORdigiumasteriskMatch1.4.19
ORdigiumasteriskMatch1.4.19rc1
ORdigiumasteriskMatch1.4.19rc2
ORdigiumasteriskMatch1.4.19rc3
ORdigiumasteriskMatch1.4.19rc4
ORdigiumasteriskMatch1.4.19.1
ORdigiumasteriskMatch1.4.19.2
ORdigiumasteriskMatch1.4.20
ORdigiumasteriskMatch1.4.20rc1
ORdigiumasteriskMatch1.4.20rc2
ORdigiumasteriskMatch1.4.20rc3
ORdigiumasteriskMatch1.4.20.1
ORdigiumasteriskMatch1.4.21
ORdigiumasteriskMatch1.4.21rc1
ORdigiumasteriskMatch1.4.21rc2
ORdigiumasteriskMatch1.4.21.1
ORdigiumasteriskMatch1.4.21.2
ORdigiumasteriskMatch1.4.22
ORdigiumasteriskMatch1.4.22rc1
ORdigiumasteriskMatch1.4.22rc2
ORdigiumasteriskMatch1.4.22rc3
ORdigiumasteriskMatch1.4.22rc4
ORdigiumasteriskMatch1.4.22rc5
ORdigiumasteriskMatch1.4.22.1
ORdigiumasteriskMatch1.4.22.2
ORdigiumasteriskMatch1.4.23
ORdigiumasteriskMatch1.4.23rc1
ORdigiumasteriskMatch1.4.23rc2
ORdigiumasteriskMatch1.4.23rc3
ORdigiumasteriskMatch1.4.23rc4
ORdigiumasteriskMatch1.4.23.1
ORdigiumasteriskMatch1.4.23.2
ORdigiumasteriskMatch1.4.24
ORdigiumasteriskMatch1.4.24rc1
ORdigiumasteriskMatch1.4.24.1
ORdigiumasteriskMatch1.4.25
ORdigiumasteriskMatch1.4.25rc1
ORdigiumasteriskMatch1.4.25.1
ORdigiumasteriskMatch1.4.26
ORdigiumasteriskMatch1.4.26rc1
ORdigiumasteriskMatch1.4.26rc2
ORdigiumasteriskMatch1.4.26rc3
ORdigiumasteriskMatch1.4.26rc4
ORdigiumasteriskMatch1.4.26rc5
ORdigiumasteriskMatch1.4.26rc6
ORdigiumasteriskMatch1.4.26.1
ORdigiumasteriskMatch1.4.26.2
ORdigiumasteriskMatch1.4.26.3
ORdigiumasteriskMatch1.4.27
ORdigiumasteriskMatch1.4.27rc1
ORdigiumasteriskMatch1.4.27rc2
ORdigiumasteriskMatch1.4.27rc3
ORdigiumasteriskMatch1.4.27rc4
ORdigiumasteriskMatch1.4.27rc5
ORdigiumasteriskMatch1.4.27.1
ORdigiumasteriskMatch1.4.28
ORdigiumasteriskMatch1.4.28rc1
ORdigiumasteriskMatch1.4.29
ORdigiumasteriskMatch1.4.29rc1
ORdigiumasteriskMatch1.4.29.1
ORdigiumasteriskMatch1.4.30
ORdigiumasteriskMatch1.4.30rc2
ORdigiumasteriskMatch1.4.30rc3
ORdigiumasteriskMatch1.4.31
ORdigiumasteriskMatch1.4.31rc1
ORdigiumasteriskMatch1.4.31rc2
ORdigiumasteriskMatch1.4.32
ORdigiumasteriskMatch1.4.32rc1
ORdigiumasteriskMatch1.4.33
ORdigiumasteriskMatch1.4.33rc1
ORdigiumasteriskMatch1.4.33rc2
ORdigiumasteriskMatch1.4.33.1
ORdigiumasteriskMatch1.4.34
ORdigiumasteriskMatch1.4.34rc1
ORdigiumasteriskMatch1.4.34rc2
ORdigiumasteriskMatch1.4.35
ORdigiumasteriskMatch1.4.35rc1
ORdigiumasteriskMatch1.4.36
ORdigiumasteriskMatch1.4.36rc1
ORdigiumasteriskMatch1.4.37
ORdigiumasteriskMatch1.4.37rc1
ORdigiumasteriskMatch1.4.38
ORdigiumasteriskMatch1.4.38rc1
ORdigiumasteriskMatch1.4.39
ORdigiumasteriskMatch1.4.39rc1
ORdigiumasteriskMatch1.4.39.1
ORdigiumasteriskMatch1.4.39.2
ORdigiumasteriskMatch1.4.40
ORdigiumasteriskMatch1.4.40rc1
ORdigiumasteriskMatch1.4.40rc2
ORdigiumasteriskMatch1.4.40rc3
ORdigiumasteriskMatch1.4.40.1
ORdigiumasteriskMatch1.4.40.2
ORdigiumasteriskMatch1.4.41
ORdigiumasteriskMatch1.4.41rc1
ORdigiumasteriskMatch1.4.41.1
ORdigiumasteriskMatch1.4.41.2
Related
prion
prion
Default configuration
2011-07-06 19:55:00
Code injection
2011-07-06 19:55:00
cve
cve
CVE-2011-2666
2011-07-06 19:55:03
CVE-2011-2536
2011-07-06 19:55:03
debiancve
debiancve
CVE-2011-2666
2011-07-06 19:55:03
CVE-2011-2536
2011-07-06 19:55:03
nessus
nessus
Asterisk Invalid INVITE / REGISTER SIP Request Username Enumeration (AST-2011-011)
2011-11-22 00:00:00
FreeBSD : Asterisk -- multiple vulnerabilities (40544e8c-9f7b-11e0-9bec-6c626dd55a41)
2011-06-27 00:00:00
Debian DSA-2493-1 : asterisk - denial of service
2012-06-29 00:00:00
ubuntucve
ubuntucve
CVE-2011-2666
2011-07-06 00:00:00
CVE-2011-2536
2011-07-06 00:00:00
cvelist
cvelist
CVE-2011-2666
2011-07-06 19:00:00
CVE-2011-2536
2011-07-06 19:00:00
openvas
openvas
FreeBSD Ports: asterisk14
2011-08-03 00:00:00
Debian: Security Advisory (DSA-2276-2)
2011-08-03 00:00:00
securityvulns
securityvulns
AST-2011-011: Possible enumeration of SIP users due to differing authentication responses
2011-07-04 00:00:00
Asterisk user account enumeration
2011-07-04 00:00:00
nvd
nvd
CVE-2011-2536
2011-07-06 19:55:03
n0where
n0where
Node.js VoIP penetration testing frameworkΒ : Bluebox-ng
2017-11-14 16:01:19
debian
debian
[SECURITY] [DSA 2493-1] asterisk security update
2012-06-12 19:38:06
freebsd
freebsd
Asterisk -- multiple vulnerabilities
2011-06-24 00:00:00
osv
osv
asterisk - denial of service
2012-06-12 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2011-10-24 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.4%
Related for NVD:CVE-2011-2666