Lucene search
HistoryApr 23, 2008 - 4:05 p.m.
CVE-2008-1923
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
AI Score
6.5
Confidence
High
EPSS
0.019
Percentile
88.6%
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends “early audio” to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
Affected configurations
Node
asteriskasterisk_appliance_developer_kit
ORasteriskasterisk_business_editionRange≤b2.5.1
ORasteriskasterisk_business_editionRange≤c1.8.0
ORasteriskasterisk_business_editionMatcha
ORasteriskasterisk_business_editionMatchb.1.3.2
ORasteriskasterisk_business_editionMatchb.1.3.3
ORasteriskasterisk_business_editionMatchb.2.2.0
ORasteriskasterisk_business_editionMatchb.2.2.1
ORasteriskasterisk_business_editionMatchb.2.3.1
ORasteriskasterisk_business_editionMatchb.2.3.2
ORasteriskasterisk_business_editionMatchb.2.3.3
ORasteriskasterisk_business_editionMatchb.2.3.4
ORasteriskasterisk_business_editionMatchb.2.5.0
ORasteriskasterisk_business_editionMatchc.1.0-beta7
ORasteriskasterisk_business_editionMatchc.1.0-beta8
ORasteriskasterisk_business_editionMatchc.1.0beta7
ORasteriskasterisk_business_editionMatchc.1.6.1
ORasteriskasterisknowRange≤1.0.2
ORasteriskasterisknowMatch1.0
ORasteriskasterisknowMatch1.0.1
ORasteriskopen_sourceMatch1.0
ORasteriskopen_sourceMatch1.0.0
ORasteriskopen_sourceMatch1.0.1
ORasteriskopen_sourceMatch1.0.2
ORasteriskopen_sourceMatch1.0.3
ORasteriskopen_sourceMatch1.0.4
ORasteriskopen_sourceMatch1.0.5
ORasteriskopen_sourceMatch1.0.6
ORasteriskopen_sourceMatch1.0.7
ORasteriskopen_sourceMatch1.0.8
ORasteriskopen_sourceMatch1.0.9
ORasteriskopen_sourceMatch1.0.11
ORasteriskopen_sourceMatch1.0.11.1
ORasteriskopen_sourceMatch1.0.12
ORasteriskopen_sourceMatch1.2.0
ORasteriskopen_sourceMatch1.2.1
ORasteriskopen_sourceMatch1.2.2
ORasteriskopen_sourceMatch1.2.3
ORasteriskopen_sourceMatch1.2.3netsec
ORasteriskopen_sourceMatch1.2.4
ORasteriskopen_sourceMatch1.2.4netsec
ORasteriskopen_sourceMatch1.2.5
ORasteriskopen_sourceMatch1.2.5netsec
ORasteriskopen_sourceMatch1.2.6
ORasteriskopen_sourceMatch1.2.6netsec
ORasteriskopen_sourceMatch1.2.7
ORasteriskopen_sourceMatch1.2.7netsec
ORasteriskopen_sourceMatch1.2.7.1
ORasteriskopen_sourceMatch1.2.7.1netsec
ORasteriskopen_sourceMatch1.2.8
ORasteriskopen_sourceMatch1.2.8netsec
ORasteriskopen_sourceMatch1.2.9
ORasteriskopen_sourceMatch1.2.9.1
ORasteriskopen_sourceMatch1.2.9.1netsec
ORasteriskopen_sourceMatch1.2.10
ORasteriskopen_sourceMatch1.2.10netsec
ORasteriskopen_sourceMatch1.2.11
ORasteriskopen_sourceMatch1.2.11netsec
ORasteriskopen_sourceMatch1.2.12
ORasteriskopen_sourceMatch1.2.12netsec
ORasteriskopen_sourceMatch1.2.12.1
ORasteriskopen_sourceMatch1.2.13
ORasteriskopen_sourceMatch1.2.13netsec
ORasteriskopen_sourceMatch1.2.14
ORasteriskopen_sourceMatch1.2.14netsec
ORasteriskopen_sourceMatch1.2.15
ORasteriskopen_sourceMatch1.2.15netsec
ORasteriskopen_sourceMatch1.2.16
ORasteriskopen_sourceMatch1.2.16netsec
ORasteriskopen_sourceMatch1.2.17
ORasteriskopen_sourceMatch1.2.17netsec
ORasteriskopen_sourceMatch1.2.18
ORasteriskopen_sourceMatch1.2.18netsec
ORasteriskopen_sourceMatch1.2.19
ORasteriskopen_sourceMatch1.2.19netsec
ORasteriskopen_sourceMatch1.2.20
ORasteriskopen_sourceMatch1.2.20netsec
ORasteriskopen_sourceMatch1.2.21
ORasteriskopen_sourceMatch1.2.21netsec
ORasteriskopen_sourceMatch1.2.21.1
ORasteriskopen_sourceMatch1.2.21.1netsec
ORasteriskopen_sourceMatch1.2.22
ORasteriskopen_sourceMatch1.2.22netsec
ORasteriskopen_sourceMatch1.2.23
ORasteriskopen_sourceMatch1.2.23netsec
ORasteriskopen_sourceMatch1.2.24
ORasteriskopen_sourceMatch1.2.24netsec
ORasteriskopen_sourceMatch1.2.25
ORasteriskopen_sourceMatch1.2.25netsec
ORasteriskopen_sourceMatch1.2.26
ORasteriskopen_sourceMatch1.2.26netsec
ORasteriskopen_sourceMatch1.2.26.1
ORasteriskopen_sourceMatch1.2.26.1netsec
ORasteriskopen_sourceMatch1.2.26.2
ORasteriskopen_sourceMatch1.2.26.2netsec
ORasteriskopen_sourceMatch1.2.27
ORasteriskopen_sourceMatch1.2.28
ORasteriskopen_sourceMatch1.4.0
ORasteriskopen_sourceMatch1.4.0beta2
ORasteriskopen_sourceMatch1.4.0beta3
ORasteriskopen_sourceMatch1.4.0beta4
ORasteriskopen_sourceMatch1.4.1
ORasteriskopen_sourceMatch1.4.2
ORasteriskopen_sourceMatch1.4.3
ORasteriskopen_sourceMatch1.4.4
ORasteriskopen_sourceMatch1.4.5
ORasteriskopen_sourceMatch1.4.6
ORasteriskopen_sourceMatch1.4.7
ORasteriskopen_sourceMatch1.4.7.1
ORasteriskopen_sourceMatch1.4.8
ORasteriskopen_sourceMatch1.4.9
ORasteriskopen_sourceMatch1.4.10
ORasteriskopen_sourceMatch1.4.10.1
ORasteriskopen_sourceMatch1.4.11
ORasteriskopen_sourceMatch1.4.12
ORasteriskopen_sourceMatch1.4.12.1
ORasteriskopen_sourceMatch1.4.13
ORasteriskopen_sourceMatch1.4.14
ORasteriskopen_sourceMatch1.4.15
ORasteriskopen_sourceMatch1.4.16
ORasteriskopen_sourceMatch1.4.16.1
ORasteriskopen_sourceMatch1.4.16.2
ORasteriskopen_sourceMatch1.4.17
ORasteriskopen_sourceMatch1.4.18
ORasteriskopen_sourceMatch1.4.18.1
ORasteriskopen_sourceMatch1.4.19rc1
ORasteriskopen_sourceMatch1.4.19rc2
ORasteriskopen_sourceMatch1.4.19rc3
ORasteriskopen_sourceMatch1.4.19rc4
ORasterisks800iRange≤1.1.0.2
ORasterisks800iMatch1.0
ORasterisks800iMatch1.0.1
ORasterisks800iMatch1.0.2
ORasterisks800iMatch1.0.3
ORasterisks800iMatch1.0.3.3
ORasterisks800iMatch1.1.0
ORasterisks800iMatch1.1.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| asterisk | asterisk_appliance_developer_kit | * | cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | * | cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | a | cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | b.1.3.2 | cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | b.1.3.3 | cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | b.2.2.0 | cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | b.2.2.1 | cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | b.2.3.1 | cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | b.2.3.2 | cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:* |
| asterisk | asterisk_business_edition | b.2.3.3 | cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2008-04-23 16:05:00
Code injection
2008-04-23 16:05:00
cvelist
cvelist
CVE-2008-1923
2008-04-23 16:00:00
CVE-2008-1897
2008-04-23 00:00:00
debiancve
debiancve
CVE-2008-1923
2008-04-23 16:05:00
CVE-2008-1897
2008-04-23 16:05:00
cve
cve
CVE-2008-1923
2008-04-23 16:05:00
CVE-2008-1897
2008-04-23 16:05:00
ubuntucve
ubuntucve
CVE-2008-1923
2008-04-23 00:00:00
CVE-2008-1897
2008-04-23 00:00:00
nessus
nessus
Asterisk IAX2 Multiple Method Handshake Spoofing DoS
2008-05-06 00:00:00
nvd
nvd
CVE-2008-1897
2008-04-23 16:05:00
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
AI Score
6.5
Confidence
High
EPSS
0.019
Percentile
88.6%
Related for NVD:CVE-2008-1923