9.3

CVE-2008-1390

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Version1.4.1
AsteriskAsterisk Version1.4.2
AsteriskAsterisk Version1.4.3
AsteriskAsterisk Version1.4.4
AsteriskAsterisk Version1.4.5
AsteriskAsterisk Version1.4.6
AsteriskAsterisk Version1.4.7
AsteriskAsterisk Version1.4.8
AsteriskAsterisk Version1.4.9
AsteriskAsterisk Version1.4.10
AsteriskAsterisk Version1.4.11
AsteriskAsterisk Version1.4.12
AsteriskAsterisk Version1.4.13
AsteriskAsterisk Version1.4.14
AsteriskAsterisk Version1.4.15
AsteriskAsterisk Version1.4.16
AsteriskAsterisk Version1.4.17
AsteriskAsterisk Version1.4.18.1
AsteriskAsterisk Version1.4_beta
AsteriskAsterisk Version1.4_revision_95946
AsteriskAsterisk Version1.6
AsteriskAsterisk Business Edition Versionc.1.0-beta7
AsteriskAsterisk Business Edition Versionc.1.0-beta8
AsteriskAsterisknow Version1.0
AsteriskAsterisknow Versionbeta_5
AsteriskAsterisknow Versionbeta_6
AsteriskAsterisknow Versionbeta_7
AsteriskS800i Version1.0
AsteriskS800i Version1.0.1
AsteriskS800i Version1.0.2
AsteriskS800i Version1.0.3
AsteriskS800i Version1.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.84% 0.887
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/29470
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
http://downloads.digium.com/pub/security/AST-2008-005.html
http://secunia.com/advisories/29449
Vendor Advisory
http://securityreason.com/securityalert/3764
http://www.securityfocus.com/archive/1/489819/100/0/threaded
http://www.securityfocus.com/bid/28316
http://www.securitytracker.com/id?1019679
https://exchange.xforce.ibmcloud.com/vulnerabilities/41304