Lucene search
HistoryDec 15, 2011 - 3:57 a.m.
CVE-2011-4597
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
84.9%
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
Affected configurations
Node
digiumasteriskMatch1.8.0
ORdigiumasteriskMatch1.8.0beta1
ORdigiumasteriskMatch1.8.0beta2
ORdigiumasteriskMatch1.8.0beta3
ORdigiumasteriskMatch1.8.0beta4
ORdigiumasteriskMatch1.8.0beta5
ORdigiumasteriskMatch1.8.0rc2
ORdigiumasteriskMatch1.8.0rc3
ORdigiumasteriskMatch1.8.0rc4
ORdigiumasteriskMatch1.8.0rc5
ORdigiumasteriskMatch1.8.1
ORdigiumasteriskMatch1.8.1rc1
ORdigiumasteriskMatch1.8.1.1
ORdigiumasteriskMatch1.8.1.2
ORdigiumasteriskMatch1.8.2
ORdigiumasteriskMatch1.8.2.1
ORdigiumasteriskMatch1.8.2.2
ORdigiumasteriskMatch1.8.2.3
ORdigiumasteriskMatch1.8.2.4
ORdigiumasteriskMatch1.8.3
ORdigiumasteriskMatch1.8.3rc1
ORdigiumasteriskMatch1.8.3rc2
ORdigiumasteriskMatch1.8.3rc3
ORdigiumasteriskMatch1.8.3.1
ORdigiumasteriskMatch1.8.3.2
ORdigiumasteriskMatch1.8.3.3
ORdigiumasteriskMatch1.8.4
ORdigiumasteriskMatch1.8.4rc1
ORdigiumasteriskMatch1.8.4rc2
ORdigiumasteriskMatch1.8.4rc3
ORdigiumasteriskMatch1.8.4.1
ORdigiumasteriskMatch1.8.4.2
ORdigiumasteriskMatch1.8.4.3
ORdigiumasteriskMatch1.8.4.4
ORdigiumasteriskMatch1.8.5
ORdigiumasteriskMatch1.8.5rc1
ORdigiumasteriskMatch1.8.5.0
ORdigiumasteriskMatch1.8.6.0
ORdigiumasteriskMatch1.8.6.0rc1
ORdigiumasteriskMatch1.8.6.0rc2
ORdigiumasteriskMatch1.8.6.0rc3
ORdigiumasteriskMatch1.8.7.0
ORdigiumasteriskMatch1.8.7.0rc1
ORdigiumasteriskMatch1.8.7.0rc2
ORdigiumasteriskMatch1.8.7.1
Node
digiumasteriskMatch1.6.2.0
ORdigiumasteriskMatch1.6.2.0rc2
ORdigiumasteriskMatch1.6.2.0rc3
ORdigiumasteriskMatch1.6.2.0rc4
ORdigiumasteriskMatch1.6.2.0rc5
ORdigiumasteriskMatch1.6.2.0rc6
ORdigiumasteriskMatch1.6.2.0rc7
ORdigiumasteriskMatch1.6.2.0rc8
ORdigiumasteriskMatch1.6.2.1
ORdigiumasteriskMatch1.6.2.1rc1
ORdigiumasteriskMatch1.6.2.2
ORdigiumasteriskMatch1.6.2.3rc2
ORdigiumasteriskMatch1.6.2.4
ORdigiumasteriskMatch1.6.2.5
ORdigiumasteriskMatch1.6.2.6
ORdigiumasteriskMatch1.6.2.6rc1
ORdigiumasteriskMatch1.6.2.6rc2
ORdigiumasteriskMatch1.6.2.15rc1
ORdigiumasteriskMatch1.6.2.16
ORdigiumasteriskMatch1.6.2.16rc1
ORdigiumasteriskMatch1.6.2.16.1
ORdigiumasteriskMatch1.6.2.16.2
ORdigiumasteriskMatch1.6.2.17
ORdigiumasteriskMatch1.6.2.17rc1
ORdigiumasteriskMatch1.6.2.17rc2
ORdigiumasteriskMatch1.6.2.17rc3
ORdigiumasteriskMatch1.6.2.17.1
ORdigiumasteriskMatch1.6.2.17.2
ORdigiumasteriskMatch1.6.2.17.3
ORdigiumasteriskMatch1.6.2.18
ORdigiumasteriskMatch1.6.2.18rc1
ORdigiumasteriskMatch1.6.2.19
ORdigiumasteriskMatch1.6.2.19rc1
ORdigiumasteriskMatch1.6.2.20
ORdigiumasteriskMatch1.6.2.21
Node
digiumasteriskMatch1.4.0
ORdigiumasteriskMatch1.4.0beta1
ORdigiumasteriskMatch1.4.0beta2
ORdigiumasteriskMatch1.4.0beta3
ORdigiumasteriskMatch1.4.0beta4
ORdigiumasteriskMatch1.4.1
ORdigiumasteriskMatch1.4.2
ORdigiumasteriskMatch1.4.3
ORdigiumasteriskMatch1.4.4
ORdigiumasteriskMatch1.4.5
ORdigiumasteriskMatch1.4.6
ORdigiumasteriskMatch1.4.7
ORdigiumasteriskMatch1.4.7.1
ORdigiumasteriskMatch1.4.8
ORdigiumasteriskMatch1.4.9
ORdigiumasteriskMatch1.4.10
ORdigiumasteriskMatch1.4.10.1
ORdigiumasteriskMatch1.4.11
ORdigiumasteriskMatch1.4.12
ORdigiumasteriskMatch1.4.12.1
ORdigiumasteriskMatch1.4.13
ORdigiumasteriskMatch1.4.14
ORdigiumasteriskMatch1.4.15
ORdigiumasteriskMatch1.4.16
ORdigiumasteriskMatch1.4.16.1
ORdigiumasteriskMatch1.4.16.2
ORdigiumasteriskMatch1.4.17
ORdigiumasteriskMatch1.4.18
ORdigiumasteriskMatch1.4.19
ORdigiumasteriskMatch1.4.19rc1
ORdigiumasteriskMatch1.4.19rc2
ORdigiumasteriskMatch1.4.19rc3
ORdigiumasteriskMatch1.4.19rc4
ORdigiumasteriskMatch1.4.19.1
ORdigiumasteriskMatch1.4.19.2
ORdigiumasteriskMatch1.4.20
ORdigiumasteriskMatch1.4.20rc1
ORdigiumasteriskMatch1.4.20rc2
ORdigiumasteriskMatch1.4.20rc3
ORdigiumasteriskMatch1.4.20.1
ORdigiumasteriskMatch1.4.21
ORdigiumasteriskMatch1.4.21rc1
ORdigiumasteriskMatch1.4.21rc2
ORdigiumasteriskMatch1.4.21.1
ORdigiumasteriskMatch1.4.21.2
ORdigiumasteriskMatch1.4.22
ORdigiumasteriskMatch1.4.22rc1
ORdigiumasteriskMatch1.4.22rc2
ORdigiumasteriskMatch1.4.22rc3
ORdigiumasteriskMatch1.4.22rc4
ORdigiumasteriskMatch1.4.22rc5
ORdigiumasteriskMatch1.4.22.1
ORdigiumasteriskMatch1.4.22.2
ORdigiumasteriskMatch1.4.23
ORdigiumasteriskMatch1.4.23rc1
ORdigiumasteriskMatch1.4.23rc2
ORdigiumasteriskMatch1.4.23rc3
ORdigiumasteriskMatch1.4.23rc4
ORdigiumasteriskMatch1.4.23.1
ORdigiumasteriskMatch1.4.23.2
ORdigiumasteriskMatch1.4.24
ORdigiumasteriskMatch1.4.24rc1
ORdigiumasteriskMatch1.4.24.1
ORdigiumasteriskMatch1.4.25
ORdigiumasteriskMatch1.4.25rc1
ORdigiumasteriskMatch1.4.25.1
ORdigiumasteriskMatch1.4.26
ORdigiumasteriskMatch1.4.26rc1
ORdigiumasteriskMatch1.4.26rc2
ORdigiumasteriskMatch1.4.26rc3
ORdigiumasteriskMatch1.4.26rc4
ORdigiumasteriskMatch1.4.26rc5
ORdigiumasteriskMatch1.4.26rc6
ORdigiumasteriskMatch1.4.26.1
ORdigiumasteriskMatch1.4.26.2
ORdigiumasteriskMatch1.4.26.3
ORdigiumasteriskMatch1.4.27
ORdigiumasteriskMatch1.4.27rc1
ORdigiumasteriskMatch1.4.27rc2
ORdigiumasteriskMatch1.4.27rc3
ORdigiumasteriskMatch1.4.27rc4
ORdigiumasteriskMatch1.4.27rc5
ORdigiumasteriskMatch1.4.27.1
ORdigiumasteriskMatch1.4.28
ORdigiumasteriskMatch1.4.28rc1
ORdigiumasteriskMatch1.4.29
ORdigiumasteriskMatch1.4.29rc1
ORdigiumasteriskMatch1.4.29.1
ORdigiumasteriskMatch1.4.30
ORdigiumasteriskMatch1.4.30rc2
ORdigiumasteriskMatch1.4.30rc3
ORdigiumasteriskMatch1.4.31
ORdigiumasteriskMatch1.4.31rc1
ORdigiumasteriskMatch1.4.31rc2
ORdigiumasteriskMatch1.4.32
ORdigiumasteriskMatch1.4.32rc1
ORdigiumasteriskMatch1.4.33
ORdigiumasteriskMatch1.4.33rc1
ORdigiumasteriskMatch1.4.33rc2
ORdigiumasteriskMatch1.4.33.1
ORdigiumasteriskMatch1.4.34
ORdigiumasteriskMatch1.4.34rc1
ORdigiumasteriskMatch1.4.34rc2
ORdigiumasteriskMatch1.4.35
ORdigiumasteriskMatch1.4.35rc1
ORdigiumasteriskMatch1.4.36
ORdigiumasteriskMatch1.4.36rc1
ORdigiumasteriskMatch1.4.37
ORdigiumasteriskMatch1.4.37rc1
ORdigiumasteriskMatch1.4.38
ORdigiumasteriskMatch1.4.38rc1
ORdigiumasteriskMatch1.4.39
ORdigiumasteriskMatch1.4.39rc1
ORdigiumasteriskMatch1.4.39.1
ORdigiumasteriskMatch1.4.39.2
ORdigiumasteriskMatch1.4.40
ORdigiumasteriskMatch1.4.40rc1
ORdigiumasteriskMatch1.4.40rc2
ORdigiumasteriskMatch1.4.40rc3
ORdigiumasteriskMatch1.4.40.1
ORdigiumasteriskMatch1.4.40.2
ORdigiumasteriskMatch1.4.41
ORdigiumasteriskMatch1.4.41rc1
ORdigiumasteriskMatch1.4.41.1
ORdigiumasteriskMatch1.4.41.2
ORdigiumasteriskMatch1.4.42
ORdigiumasteriskMatch1.4.42rc1
ORdigiumasteriskMatch1.4.42rc2
References
archives.neohapsis.com/archives/bugtraq/2011-12/0151.html
downloads.asterisk.org/pub/security/AST-2011-013.html
lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
openwall.com/lists/oss-security/2011/12/09/3
openwall.com/lists/oss-security/2011/12/09/4
osvdb.org/77597
secunia.com/advisories/47273
www.debian.org/security/2011/dsa-2367
Related
debiancve
debiancve
CVE-2011-4597
2011-12-15 03:57:34
cve
cve
CVE-2011-4597
2011-12-15 03:57:34
prion
prion
Code injection
2011-12-15 03:57:00
securityvulns
securityvulns
Exploit for Asterisk Security Advisory AST-2011-013
2011-12-26 00:00:00
packetstorm
packetstorm
SIP Username Enumerator For Asterisk
2011-12-23 00:00:00
ubuntucve
ubuntucve
CVE-2011-4597
2011-12-15 00:00:00
cvelist
cvelist
CVE-2011-4597
2011-12-15 02:00:00
freebsd
freebsd
asterisk -- Multiple Vulnerabilities
2011-12-08 00:00:00
nessus
nessus
Asterisk Multiple Vulnerabilities (AST-2011-013 / AST-2011-014)
2011-12-14 00:00:00
FreeBSD : asterisk -- Multiple Vulnerabilities (bb389137-21fb-11e1-89b4-001ec9578670)
2011-12-09 00:00:00
Debian DSA-2367-1 : asterisk - several vulnerabilities
2012-01-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2367-1)
2012-02-11 00:00:00
FreeBSD Ports: asterisk18
2012-02-13 00:00:00
FreeBSD Ports: asterisk18
2012-02-13 00:00:00
debian
debian
[SECURITY] [DSA 2367-1] asterisk security update
2011-12-19 18:07:53
osv
osv
asterisk - several
2011-12-19 00:00:00
n0where
n0where
Node.js VoIP penetration testing frameworkΒ : Bluebox-ng
2017-11-14 16:01:19
fedora
fedora
[SECURITY] Fedora 15 Update: asterisk-1.8.10.1-1.fc15
2012-03-31 03:10:13
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
84.9%
Related for NVD:CVE-2011-4597