Vulnerability Details: CVE-2008-5558
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Vulnerability category: Bypass, Gain privilege, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-5558
Probability of exploitation activity in the next 30 days: 7.95%
Percentile, the proportion of vulnerabilities that are scored at or less: ~93%
CVSS scores for CVE-2008-5558
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
CWE ids for CVE-2008-5558
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5558
- http://securityreason.com/securityalert/4769
- http://www.securityfocus.com/archive/1/499117/100/0/threaded
- http://www.securitytracker.com/id?1021378
- http://downloads.digium.com/pub/security/AST-2008-012.html
- http://security.gentoo.org/glsa/glsa-200905-01.xml
  Asterisk: Multiple vulnerabilities (GLSA 200905-01) — Gentoo security
- http://www.vupen.com/english/advisories/2008/3403
- http://www.securityfocus.com/bid/32773
Products affected by CVE-2008-5558
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*