Lucene search

MitreCVE-2008-1390

HistoryMar 24, 2008 - 5:44 p.m.

CVE-2008-1390

2008-03-2417:44:00

CWE-255

mitre

web.nvd.nist.gov

asteriskgui

http server

vulnerability

remote attackers

hijack

manager sessions

id values

cve-2008-1390

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.038

Percentile

92.0%

JSON

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

Affected configurations

Nvd

Node

asteriskasteriskMatch1.4.1

asteriskasteriskMatch1.4.2

asteriskasteriskMatch1.4.3

asteriskasteriskMatch1.4.4

asteriskasteriskMatch1.4.5

asteriskasteriskMatch1.4.6

asteriskasteriskMatch1.4.7

asteriskasteriskMatch1.4.8

asteriskasteriskMatch1.4.9

asteriskasteriskMatch1.4.10

asteriskasteriskMatch1.4.11

asteriskasteriskMatch1.4.12

asteriskasteriskMatch1.4.13

asteriskasteriskMatch1.4.14

asteriskasteriskMatch1.4.15

asteriskasteriskMatch1.4.16

asteriskasteriskMatch1.4.17

asteriskasteriskMatch1.4.18.1

asteriskasteriskMatch1.4_beta

asteriskasteriskMatch1.4_revision_95946

asteriskasteriskMatch1.6

asteriskasterisk_appliance_developer_kitMatch0.2

asteriskasterisk_appliance_developer_kitMatch0.3

asteriskasterisk_appliance_developer_kitMatch0.4

asteriskasterisk_appliance_developer_kitMatch0.5

asteriskasterisk_appliance_developer_kitMatch0.6

asteriskasterisk_appliance_developer_kitMatch0.7

asteriskasterisk_appliance_developer_kitMatch0.8

asteriskasterisk_appliance_developer_kitMatch1.4

asteriskasterisk_business_editionMatchc.1.0-beta7

asteriskasterisk_business_editionMatchc.1.0-beta8

asteriskasterisknowMatch1.0

asteriskasterisknowMatchbeta_5

asteriskasterisknowMatchbeta_6

asteriskasterisknowMatchbeta_7

asterisks800iMatch1.0

asterisks800iMatch1.0.1

asterisks800iMatch1.0.2

asterisks800iMatch1.0.3

asterisks800iMatch1.1.0

VendorProductVersionCPE
asteriskasterisk1.4.1cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
asteriskasterisk1.4.2cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*
asteriskasterisk1.4.3cpe:2.3:a:asterisk:asterisk:1.4.3:*:*:*:*:*:*:*
asteriskasterisk1.4.4cpe:2.3:a:asterisk:asterisk:1.4.4:*:*:*:*:*:*:*
asteriskasterisk1.4.5cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*
asteriskasterisk1.4.6cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*
asteriskasterisk1.4.7cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*
asteriskasterisk1.4.8cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*
asteriskasterisk1.4.9cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*
asteriskasterisk1.4.10cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asterisk	asterisk	1.4.1	cpe:2.3:a:asterisk:asterisk:1.4.1:::::::*
asterisk	asterisk	1.4.2	cpe:2.3:a:asterisk:asterisk:1.4.2:::::::*
asterisk	asterisk	1.4.3	cpe:2.3:a:asterisk:asterisk:1.4.3:::::::*
asterisk	asterisk	1.4.4	cpe:2.3:a:asterisk:asterisk:1.4.4:::::::*
asterisk	asterisk	1.4.5	cpe:2.3:a:asterisk:asterisk:1.4.5:::::::*
asterisk	asterisk	1.4.6	cpe:2.3:a:asterisk:asterisk:1.4.6:::::::*
asterisk	asterisk	1.4.7	cpe:2.3:a:asterisk:asterisk:1.4.7:::::::*
asterisk	asterisk	1.4.8	cpe:2.3:a:asterisk:asterisk:1.4.8:::::::*
asterisk	asterisk	1.4.9	cpe:2.3:a:asterisk:asterisk:1.4.9:::::::*
asterisk	asterisk	1.4.10	cpe:2.3:a:asterisk:asterisk:1.4.10:::::::*