9.3
CVE-2008-1390
- EPSS 3.84%
- Veröffentlicht 24.03.2008 17:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:38
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asterisk ≫ Asterisk Appliance Developer Kit Version0.2
Asterisk ≫ Asterisk Appliance Developer Kit Version0.3
Asterisk ≫ Asterisk Appliance Developer Kit Version0.4
Asterisk ≫ Asterisk Appliance Developer Kit Version0.5
Asterisk ≫ Asterisk Appliance Developer Kit Version0.6
Asterisk ≫ Asterisk Appliance Developer Kit Version0.7
Asterisk ≫ Asterisk Appliance Developer Kit Version0.8
Asterisk ≫ Asterisk Appliance Developer Kit Version1.4
Asterisk ≫ Asterisk Business Edition Versionc.1.0-beta7
Asterisk ≫ Asterisk Business Edition Versionc.1.0-beta8
Asterisk ≫ Asterisknow Version1.0
Asterisk ≫ Asterisknow Versionbeta_5
Asterisk ≫ Asterisknow Versionbeta_6
Asterisk ≫ Asterisknow Versionbeta_7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.84% | 0.887 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/29470
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
http://downloads.digium.com/pub/security/AST-2008-005.html
http://secunia.com/advisories/29449
http://securityreason.com/securityalert/3764
http://www.securityfocus.com/archive/1/489819/100/0/threaded
http://www.securityfocus.com/bid/28316
http://www.securitytracker.com/id?1019679
https://exchange.xforce.ibmcloud.com/vulnerabilities/41304