PRIOn knowledge basePRION:CVE-2008-3264Server side request forgery (ssrf)
6.7 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.079 Low
EPSS
Percentile
94.1%
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
References
downloads.digium.com/pub/security/AST-2008-011.html
secunia.com/advisories/31178
secunia.com/advisories/31194
secunia.com/advisories/34982
security.gentoo.org/glsa/glsa-200905-01.xml
www.securityfocus.com/archive/1/494676/100/0/threaded
www.securityfocus.com/bid/30350
www.securitytracker.com/id?1020536
www.vupen.com/english/advisories/2008/2168/references
exchange.xforce.ibmcloud.com/vulnerabilities/43955
www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html
Related
6.7 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.079 Low
EPSS
Percentile
94.1%