7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.126 Low
EPSS
Percentile
94.6%
Several vulnerabilities have been discovered in asterisk, an Open Source
PBX and telephony toolkit. The Common Vulnerabilities and Exposures
project identifies the following problems:
The current version in oldstable is not supported by upstream anymore
and is affected by several security issues. Backporting fixes for these
and any future issues has become unfeasible and therefore we need to
drop our security support for the version in oldstable. We recommend
that all asterisk users upgrade to the stable distribution (lenny).
For the stable distribution (lenny), these problems have been fixed in
version 1:1.4.21.2~dfsg-3+lenny1.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1:1.6.2.0~rc7-1.
We recommend that you upgrade your asterisk packages.
CPE | Name | Operator | Version |
---|---|---|---|
asterisk | eq | 1:1.4.21.2~dfsg-3 |