CVE-2007-6430
Published: 2007-12-20
Priority: P429, medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
EPSS: 1.95% (77.7th percentile)
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
Affected
48 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | — | — |
| asterisk | asterisk_business_edition | >= 0 < 1:1.4.16.2~dfsg-1 | 1:1.4.16.2~dfsg-1 |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
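CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | LOW | |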
GHSA
GHSA-3h3j-j53r-q78w: Asterisk Open Source 1
ghsa_unreviewed·2022-05-01
CVE-2007-6430 [MEDIUM] CWE-287 GHSA-3h3j-j53r-q78w: Asterisk Open Source 1
OSV
CVE-2007-6430: Asterisk Open Source 1
osv·2007-12-20·CVSS 4.3
CVE-2007-6430 [MEDIUM] CVE-2007-6430: Asterisk Open Source 1
Debian
CVE-2007-6430: asterisk - Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business E...
vendor_debian·2007·CVSS 4.3
CVE-2007-6430 [MEDIUM] CVE-2007-6430: asterisk - Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business E...
Scope: local
bullseye: resolved (fixed in 1:1.4.16.2~dfsg-1)
sid: resolved (fixed in 1:1.4.16.2~dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://downloads.digium.com/pub/security/AST-2007-027.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/28149
http://secunia.com/advisories/29242
http://secunia.com/advisories/29456
http://secunia.com/advisories/29782
http://security.gentoo.org/glsa/glsa-200804-13.xml
http://securityreason.com/securityalert/3467
http://www.debian.org/security/2008/dsa-1525
http://www.osvdb.org/39519
http://www.securityfocus.com/archive/1/485287/100/0/threaded
http://www.securityfocus.com/bid/26928
http://www.securitytracker.com/id?1019110
http://www.vupen.com/english/advisories/2007/4260
https://exchange.xforce.ibmcloud.com/vulnerabilities/39124