CVE-2008-3264Improper Authentication in Asterisk

CWE-287Improper Authentication4 documents4 sources
Severity
7.8HIGHNVD
EPSS
7.5%
top 8.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Asterisk Appliance Developer KITDebian AsteriskAsterisk Business Edition+2 more
Timeline
PublishedJul 24
Latest updateMay 1

Description

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages6 packages

Debianasterisk/asterisk_appliance_developer_kit< 1:1.4.21.2~dfsg-1
NVDasterisk/open_source83 versions+82
NVDasterisk/asterisknow4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-mgmv-gxwr-mfmr: The FWDOWNL firmware-download implementation in Asterisk Open Source 12022-05-01
OSV
CVE-2008-3264: The FWDOWNL firmware-download implementation in Asterisk Open Source 12008-07-24

📋Vendor Advisories

1
Debian
CVE-2008-3264: asterisk - The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2....2008
CVE-2008-3264 — Improper Authentication in Asterisk | cvebase