Lucene search

MitreCVE-2008-5558

HistoryDec 17, 2008 - 5:30 p.m.

CVE-2008-5558

2008-12-1717:30:00

CWE-287

mitre

web.nvd.nist.gov

asterisk

open source

business edition

cve-2008-5558

denial of service

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

Low

EPSS

0.079

Percentile

94.3%

JSON

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

Affected configurations

Nvd

Node

asteriskasterisk_business_editionMatchb.2.3.4

asteriskasterisk_business_editionMatchb.2.3.5

asteriskasterisk_business_editionMatchb.2.5.0

asteriskasterisk_business_editionMatchb.2.5.1

asteriskasterisk_business_editionMatchb.2.5.3

asteriskopen_sourceMatch1.2.26

asteriskopen_sourceMatch1.2.26netsec

asteriskopen_sourceMatch1.2.26.1

asteriskopen_sourceMatch1.2.26.1netsec

asteriskopen_sourceMatch1.2.26.2

asteriskopen_sourceMatch1.2.26.2netsec

asteriskopen_sourceMatch1.2.27

asteriskopen_sourceMatch1.2.28

asteriskopen_sourceMatch1.2.29

asteriskopen_sourceMatch1.2.30

asteriskopen_sourceMatch1.2.30.2

asteriskopen_sourceMatch1.2.30.3

VendorProductVersionCPE
asteriskasterisk_business_editionb.2.3.4cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*
asteriskasterisk_business_editionb.2.3.5cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:*:*:*:*
asteriskasterisk_business_editionb.2.5.0cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*
asteriskasterisk_business_editionb.2.5.1cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:*:*:*:*
asteriskasterisk_business_editionb.2.5.3cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*
asteriskopen_source1.2.26cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*
asteriskopen_source1.2.26cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*
asteriskopen_source1.2.26.1cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*
asteriskopen_source1.2.26.1cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*
asteriskopen_source1.2.26.2cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asterisk	asterisk_business_edition	b.2.3.4	cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:::::::*
asterisk	asterisk_business_edition	b.2.3.5	cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:::::::*
asterisk	asterisk_business_edition	b.2.5.0	cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:::::::*
asterisk	asterisk_business_edition	b.2.5.1	cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:::::::*
asterisk	asterisk_business_edition	b.2.5.3	cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:::::::*
asterisk	open_source	1.2.26	cpe:2.3:a:asterisk:open_source:1.2.26:::::::*
asterisk	open_source	1.2.26	cpe:2.3:a:asterisk:open_source:1.2.26:netsec::::::
asterisk	open_source	1.2.26.1	cpe:2.3:a:asterisk:open_source:1.2.26.1:::::::*
asterisk	open_source	1.2.26.1	cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec::::::
asterisk	open_source	1.2.26.2	cpe:2.3:a:asterisk:open_source:1.2.26.2:::::::*