CVE-2008-5558Improper Authentication in Asterisk

CWE-287Improper Authentication4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
2.1%
top 15.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Asterisk Business EditionDebian AsteriskAsterisk Open Source
Timeline
PublishedDec 17
Latest updateMay 14

Description

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

Debianasterisk/asterisk_business_edition< 1:1.4.0~dfsg-1
NVDasterisk/open_source9 versions+8
debiandebian/asterisk< asterisk 1:1.4.0~dfsg-1 (bullseye)

🔴Vulnerability Details

2
GHSA
GHSA-rvg3-83c6-fx75: Asterisk Open Source 12022-05-14
OSV
CVE-2008-5558: Asterisk Open Source 12008-12-17

📋Vendor Advisories

1
Debian
CVE-2008-5558: asterisk - Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 throug...2008
CVE-2008-5558 — Improper Authentication in Asterisk | cvebase