CVE-2007-4280 — Asterisk vulnerability

4 documents4 sources

Severity

3.5LOWNVD

EPSS

2.9%

top 13.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

Asterisk Debian Asterisk Asterisk Appliance Developer KIT +2 more

Timeline

PublishedAug 9

Latest updateMay 1

Description

The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages6 packages

▶NVDasterisk/asterisk_appliance_developer_kit0.6.0

▶NVDasterisk/s800i1.0.2

▶NVDasterisk/asterisknowbeta_6

▶debiandebian/asterisk< asterisk 1:1.4.10~dfsg-1 (bullseye)

▶Debianasterisk/asterisk< 1:1.4.10~dfsg-1

Patches

Patch: downloads.digium.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-3p5p-863p-q64f: The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1↗2022-05-01

▶

OSV

CVE-2007-4280: The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1↗2007-08-09

▶

📋Vendor Advisories

1

Debian

CVE-2007-4280: asterisk - The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, A...↗2007

▶

CVE-2007-4280 — Debian Asterisk vulnerability | cvebase