CVE-2008-1390

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Business Edition C.x.x antes de C.1.6, AsteriskNOW antes de 1.0.2, Appliance Developer Kit antes de la revisión 104704 y s800i 1.0.x antes de 1.1.0.2 genera valores ID de gestión no lo suficientemente aleatorios, lo que facilita a atacantes remotos secuestrar una sesión de gestión a través de una serie de adivinaciones de ID.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-03-18 CVE Reserved
2008-03-19 CVE Published
2024-08-07 CVE Updated
2024-11-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors

CAPEC

References (10)

URL	Tag	Source
http://downloads.digium.com/pub/security/AST-2008-005.html	X_refsource_confirm
http://secunia.com/advisories/29470	Third Party Advisory
http://securityreason.com/securityalert/3764	Third Party Advisory
http://www.securityfocus.com/archive/1/489819/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/28316	Vdb Entry
http://www.securitytracker.com/id?1019679	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41304	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/29449	2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html	2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.1 Search vendor "Asterisk" for product "Asterisk" and version "1.4.1"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.2 Search vendor "Asterisk" for product "Asterisk" and version "1.4.2"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.3 Search vendor "Asterisk" for product "Asterisk" and version "1.4.3"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.4 Search vendor "Asterisk" for product "Asterisk" and version "1.4.4"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.5 Search vendor "Asterisk" for product "Asterisk" and version "1.4.5"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.6 Search vendor "Asterisk" for product "Asterisk" and version "1.4.6"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.7 Search vendor "Asterisk" for product "Asterisk" and version "1.4.7"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.8 Search vendor "Asterisk" for product "Asterisk" and version "1.4.8"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.9 Search vendor "Asterisk" for product "Asterisk" and version "1.4.9"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.10 Search vendor "Asterisk" for product "Asterisk" and version "1.4.10"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.11 Search vendor "Asterisk" for product "Asterisk" and version "1.4.11"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.12 Search vendor "Asterisk" for product "Asterisk" and version "1.4.12"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.13 Search vendor "Asterisk" for product "Asterisk" and version "1.4.13"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.14 Search vendor "Asterisk" for product "Asterisk" and version "1.4.14"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.15 Search vendor "Asterisk" for product "Asterisk" and version "1.4.15"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.16 Search vendor "Asterisk" for product "Asterisk" and version "1.4.16"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.17 Search vendor "Asterisk" for product "Asterisk" and version "1.4.17"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4.18.1 Search vendor "Asterisk" for product "Asterisk" and version "1.4.18.1"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4_beta Search vendor "Asterisk" for product "Asterisk" and version "1.4_beta"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.4_revision_95946 Search vendor "Asterisk" for product "Asterisk" and version "1.4_revision_95946"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Search vendor "Asterisk" for product "Asterisk"				1.6 Search vendor "Asterisk" for product "Asterisk" and version "1.6"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit"				0.2 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.2"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit"				0.3 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.3"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit"				0.4 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.4"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit"				0.5 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.5"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit"				0.6 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.6"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit"				0.7 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.7"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit"				0.8 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "0.8"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Appliance Developer Kit Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit"				1.4 Search vendor "Asterisk" for product "Asterisk Appliance Developer Kit" and version "1.4"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Business Edition Search vendor "Asterisk" for product "Asterisk Business Edition"				c.1.0-beta7 Search vendor "Asterisk" for product "Asterisk Business Edition" and version "c.1.0-beta7"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisk Business Edition Search vendor "Asterisk" for product "Asterisk Business Edition"				c.1.0-beta8 Search vendor "Asterisk" for product "Asterisk Business Edition" and version "c.1.0-beta8"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisknow Search vendor "Asterisk" for product "Asterisknow"				1.0 Search vendor "Asterisk" for product "Asterisknow" and version "1.0"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisknow Search vendor "Asterisk" for product "Asterisknow"				beta_5 Search vendor "Asterisk" for product "Asterisknow" and version "beta_5"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisknow Search vendor "Asterisk" for product "Asterisknow"				beta_6 Search vendor "Asterisk" for product "Asterisknow" and version "beta_6"		-		Affected
Asterisk Search vendor "Asterisk"		Asterisknow Search vendor "Asterisk" for product "Asterisknow"				beta_7 Search vendor "Asterisk" for product "Asterisknow" and version "beta_7"		-		Affected
Asterisk Search vendor "Asterisk"		S800i Search vendor "Asterisk" for product "S800i"				1.0 Search vendor "Asterisk" for product "S800i" and version "1.0"		-		Affected
Asterisk Search vendor "Asterisk"		S800i Search vendor "Asterisk" for product "S800i"				1.0.1 Search vendor "Asterisk" for product "S800i" and version "1.0.1"		-		Affected
Asterisk Search vendor "Asterisk"		S800i Search vendor "Asterisk" for product "S800i"				1.0.2 Search vendor "Asterisk" for product "S800i" and version "1.0.2"		-		Affected
Asterisk Search vendor "Asterisk"		S800i Search vendor "Asterisk" for product "S800i"				1.0.3 Search vendor "Asterisk" for product "S800i" and version "1.0.3"		-		Affected
Asterisk Search vendor "Asterisk"		S800i Search vendor "Asterisk" for product "S800i"				1.1.0 Search vendor "Asterisk" for product "S800i" and version "1.1.0"		-		Affected