CVE Vulnerabilities

CVE-2008-1390

Published: Mar 24, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

Affected Software

Name Vendor Start Version End Version
Asterisk Asterisk 1.4.12 1.4.12
Asterisk Asterisk 1.4.13 1.4.13
Asterisk_appliance_developer_kit Asterisk 0.3 0.3
Asterisk_appliance_developer_kit Asterisk 0.6 0.6
Asterisk Asterisk 1.4.18.1 1.4.18.1
S800i Asterisk 1.0 1.0
Asterisknow Asterisk beta_7 beta_7
S800i Asterisk 1.0.2 1.0.2
Asterisk Asterisk 1.6 1.6
Asterisk Asterisk 1.4.11 1.4.11
Asterisk Asterisk 1.4_revision_95946 1.4_revision_95946
Asterisknow Asterisk beta_6 beta_6
Asterisknow Asterisk beta_5 beta_5
Asterisk Asterisk 1.4.3 1.4.3
Asterisk Asterisk 1.4_beta 1.4_beta
Asterisk_business_edition Asterisk c.1.0-beta8 c.1.0-beta8
Asterisk Asterisk 1.4.14 1.4.14
S800i Asterisk 1.1.0 1.1.0
Asterisk Asterisk 1.4.5 1.4.5
Asterisk Asterisk 1.4.9 1.4.9
Asterisk Asterisk 1.4.6 1.4.6
Asterisk Asterisk 1.4.17 1.4.17
Asterisk Asterisk 1.4.8 1.4.8
Asterisk_appliance_developer_kit Asterisk 0.7 0.7
Asterisk Asterisk 1.4.4 1.4.4
Asterisk_appliance_developer_kit Asterisk 0.4 0.4
Asterisk Asterisk 1.4.2 1.4.2
S800i Asterisk 1.0.3 1.0.3
Asterisk Asterisk 1.4.16 1.4.16
Asterisk Asterisk 1.4.15 1.4.15
Asterisk_appliance_developer_kit Asterisk 1.4 1.4
S800i Asterisk 1.0.1 1.0.1
Asterisk Asterisk 1.4.10 1.4.10
Asterisk Asterisk 1.4.7 1.4.7
Asterisk_appliance_developer_kit Asterisk 0.8 0.8
Asterisk_appliance_developer_kit Asterisk 0.5 0.5
Asterisk Asterisk 1.4.1 1.4.1
Asterisk_appliance_developer_kit Asterisk 0.2 0.2
Asterisk_business_edition Asterisk c.1.0-beta7 c.1.0-beta7
Asterisknow Asterisk 1.0 1.0

References