Vulnerability Details: CVE-2008-1390
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Products affected by CVE-2008-1390
- cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4_revision_95946:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisknow:beta_7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*
Threat overview for CVE-2008-1390
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2008-1390: 5
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-1390
- EPSS score: 1.72% (probability of exploitation activity in the next 30 days)
- Percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-1390
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-1390
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1390
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 (Asterisk HTTP Manager ID weak security CVE-2008-1390 Vulnerability Report)
- http://www.securitytracker.com/id?1019679
- http://securityreason.com/securityalert/3764 (HTTP Manager ID is predictable - CXSecurity.com)
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html ([SECURITY] Fedora 7 Update: asterisk-1.4.18.1-1.fc7)
- http://secunia.com/advisories/29449 (About Secunia Research | Flexera) [Vendor Advisory]
- http://downloads.digium.com/pub/security/AST-2008-005.html (Index of /pub/security/)
- http://www.securityfocus.com/archive/1/489819/100/0/threaded
- http://www.securityfocus.com/bid/28316
- http://secunia.com/advisories/29470 (About Secunia Research | Flexera)
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html ([SECURITY] Fedora 8 Update: asterisk-1.4.18.1-1.fc8)