9.3

CVE-2008-1390

EPSS 2.65%
Published 24.03.2008 17:44:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Asterisk ≫ Asterisk Version1.4.1

Asterisk ≫ Asterisk Version1.4.2

Asterisk ≫ Asterisk Version1.4.3

Asterisk ≫ Asterisk Version1.4.4

Asterisk ≫ Asterisk Version1.4.5

Asterisk ≫ Asterisk Version1.4.6

Asterisk ≫ Asterisk Version1.4.7

Asterisk ≫ Asterisk Version1.4.8

Asterisk ≫ Asterisk Version1.4.9

Asterisk ≫ Asterisk Version1.4.10

Asterisk ≫ Asterisk Version1.4.11

Asterisk ≫ Asterisk Version1.4.12

Asterisk ≫ Asterisk Version1.4.13

Asterisk ≫ Asterisk Version1.4.14

Asterisk ≫ Asterisk Version1.4.15

Asterisk ≫ Asterisk Version1.4.16

Asterisk ≫ Asterisk Version1.4.17

Asterisk ≫ Asterisk Version1.4.18.1

Asterisk ≫ Asterisk Version1.4_beta

Asterisk ≫ Asterisk Version1.4_revision_95946

Asterisk ≫ Asterisk Version1.6

Asterisk ≫ Asterisk Appliance Developer Kit Version0.2

Asterisk ≫ Asterisk Appliance Developer Kit Version0.3

Asterisk ≫ Asterisk Appliance Developer Kit Version0.4

Asterisk ≫ Asterisk Appliance Developer Kit Version0.5

Asterisk ≫ Asterisk Appliance Developer Kit Version0.6

Asterisk ≫ Asterisk Appliance Developer Kit Version0.7

Asterisk ≫ Asterisk Appliance Developer Kit Version0.8

Asterisk ≫ Asterisk Appliance Developer Kit Version1.4

Asterisk ≫ Asterisk Business Edition Versionc.1.0-beta7

Asterisk ≫ Asterisk Business Edition Versionc.1.0-beta8

Asterisk ≫ Asterisknow Version1.0

Asterisk ≫ Asterisknow Versionbeta_5

Asterisk ≫ Asterisknow Versionbeta_6

Asterisk ≫ Asterisknow Versionbeta_7

Asterisk ≫ S800i Version1.0

Asterisk ≫ S800i Version1.0.1

Asterisk ≫ S800i Version1.0.2

Asterisk ≫ S800i Version1.0.3

Asterisk ≫ S800i Version1.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.65%	0.852

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/29470

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html

http://downloads.digium.com/pub/security/AST-2008-005.html

http://secunia.com/advisories/29449

Vendor Advisory

http://securityreason.com/securityalert/3764

http://www.securityfocus.com/archive/1/489819/100/0/threaded

http://www.securityfocus.com/bid/28316

http://www.securitytracker.com/id?1019679

https://exchange.xforce.ibmcloud.com/vulnerabilities/41304

https://nvd.nist.gov/vuln/detail/CVE-2008-1390

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1390

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1390

EUVD