CVE-2008-1390

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://downloads.digium.com/pub/security/AST-2008-005.html
http://secunia.com/advisories/29449	Vendor Advisory
http://secunia.com/advisories/29470
http://securityreason.com/securityalert/3764
http://www.securityfocus.com/archive/1/489819/100/0/threaded
http://www.securityfocus.com/bid/28316
http://www.securitytracker.com/id?1019679
https://exchange.xforce.ibmcloud.com/vulnerabilities/41304
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
http://downloads.digium.com/pub/security/AST-2008-005.html
http://secunia.com/advisories/29449	Vendor Advisory
http://secunia.com/advisories/29470
http://securityreason.com/securityalert/3764
http://www.securityfocus.com/archive/1/489819/100/0/threaded
http://www.securityfocus.com/bid/28316
http://www.securitytracker.com/id?1019679
https://exchange.xforce.ibmcloud.com/vulnerabilities/41304
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:asterisk:asterisk:1.4.1:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.2:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.3:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.4:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.5:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.6:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.7:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.8:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.9:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.10:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.11:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.12:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.13:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.14:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.15:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.16:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.17:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4.18.1:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4_beta:::::::*
	cpe:2.3:a:asterisk:asterisk:1.4_revision_95946:::::::*
	cpe:2.3:a:asterisk:asterisk:1.6:::::::*
	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:::::::*
	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:::::::*
	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:::::::*
	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:::::::*
	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:::::::*
	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:::::::*
	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:::::::*
	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:::::::*
	cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:::::::*
	cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:::::::*
	cpe:2.3:a:asterisk:asterisknow:1.0:::::::*
	cpe:2.3:a:asterisk:asterisknow:beta_5:::::::*
	cpe:2.3:a:asterisk:asterisknow:beta_6:::::::*
	cpe:2.3:a:asterisk:asterisknow:beta_7:::::::*
	cpe:2.3:a:asterisk:s800i:1.0:::::::*
	cpe:2.3:a:asterisk:s800i:1.0.1:::::::*
	cpe:2.3:a:asterisk:s800i:1.0.2:::::::*
	cpe:2.3:a:asterisk:s800i:1.0.3:::::::*
	cpe:2.3:a:asterisk:s800i:1.1.0:::::::*

History

21 Nov 2024, 00:44

Type	Values Removed	Values Added
References	~~() http://downloads.digium.com/pub/security/AST-2008-005.html -~~	() http://downloads.digium.com/pub/security/AST-2008-005.html -
References	~~() http://secunia.com/advisories/29449 - Vendor Advisory~~	() http://secunia.com/advisories/29449 - Vendor Advisory
References	~~() http://secunia.com/advisories/29470 -~~	() http://secunia.com/advisories/29470 -
References	~~() http://securityreason.com/securityalert/3764 -~~	() http://securityreason.com/securityalert/3764 -
References	~~() http://www.securityfocus.com/archive/1/489819/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/489819/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/28316 -~~	() http://www.securityfocus.com/bid/28316 -
References	~~() http://www.securitytracker.com/id?1019679 -~~	() http://www.securitytracker.com/id?1019679 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 -
References	~~() https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html -~~	() https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html -
References	~~() https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html -~~	() https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html -

Information

Published : 2008-03-24 17:44

Updated : 2025-04-09 00:30

NVD link : CVE-2008-1390

Mitre link : CVE-2008-1390

CVE.ORG link : CVE-2008-1390

JSON object : View

Products Affected

asterisk

asterisknow
asterisk_business_edition
s800i
asterisk
asterisk_appliance_developer_kit

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2008-1390", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-24T17:44:00.000", "references": [{"url": "http://downloads.digium.com/pub/security/AST-2008-005.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29449", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29470", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3764", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28316", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019679", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", "source": "cve@mitre.org"}, {"url": "http://downloads.digium.com/pub/security/AST-2008-005.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29449", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29470", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3764", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28316", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1019679", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."}, {"lang": "es", "value": "El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Business Edition C.x.x antes de C.1.6, AsteriskNOW antes de 1.0.2, Appliance Developer Kit antes de la revisi\u00f3n 104704 y s800i 1.0.x antes de 1.1.0.2 genera valores ID de gesti\u00f3n no lo suficientemente aleatorios, lo que facilita a atacantes remotos secuestrar una sesi\u00f3n de gesti\u00f3n a trav\u00e9s de una serie de adivinaciones de ID."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84CB8C4A-F001-4DD7-8DFE-CB082B4BB969"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96DB0240-E93D-4BDB-859B-B44C91996993"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F4BA849-E092-404A-92CD-44C2D99AE971"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C7014B4-1860-49AD-9469-9954C3CC01C0"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D1F0056-0945-476C-982E-7B41EB420A99"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A53DEC9D-B288-42CD-9387-57315AC98D72"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89C1F33F-27B6-4C56-92FF-EB2861ABBC22"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64E07CF3-073D-4705-96A6-13367D4F5CAA"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18D19CB0-E3D7-40DB-B0C0-B62BB6075267"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77FB7CC1-BD0D-4F34-AB21-59CFD23C494C"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "997FA3C7-1894-478A-ABF1-52DD2B0487E1"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E02BE0-BF4A-46C9-AFB5-47E8F18E3D17"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "292190EE-D9C8-4E3A-BB34-0ECD7B865482"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DAC55F9-1D43-4AA8-87C9-DB165442700B"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "195B012E-0538-4140-9035-F5D1A442778B"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4.18.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78AC03A7-41AB-45AF-AD89-291A7429B8A0"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.4_revision_95946:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB08F4FA-8600-4D21-A565-B3BF636634B4"}, {"criteria": "cpe:2.3:a:asterisk:asterisk:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEAE6729-D79A-49B8-9758-BA74A60A238A"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C05B437-C292-4AA0-8AFE-1CA07CD80034"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0102C4C0-1A7D-4AB7-9817-44E6B0DB761E"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81DDF486-4185-48EE-869E-0AA6726C31F7"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF45A8E1-F6B1-42BD-9168-12062FA6EAEA"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5757B9B-2759-439A-9A6D-CCDD6C8C8940"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCD71268-EAA2-477B-8AC4-DE4853A262B8"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "529B2115-A191-4F3F-8F8C-A38B7C45463A"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E2D0508-C418-48CE-BF83-39F893688D1C"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BC80EBD-14D3-44A6-A06F-0549722E0EFA"}, {"criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7859797F-E9AD-4429-BD2C-A24EC24A5D03"}, {"criteria": "cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC6FE17C-3B08-4675-9F73-5DC0C2438BB1"}, {"criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A"}, {"criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F"}, {"criteria": "cpe:2.3:a:asterisk:asterisknow:beta_7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AE2F09E-4B5A-4EDF-A48A-BCBBAA80156B"}, {"criteria": "cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C3A0A08-4107-4B8B-AE7E-DC23849A54DC"}, {"criteria": "cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9320928D-D83C-4258-AF62-AB2D1F50D972"}, {"criteria": "cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "569084D1-977D-41FC-A444-0B3F5199DDD3"}, {"criteria": "cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D182FB-761C-4F08-A776-B613FAC55230"}, {"criteria": "cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7B5EDAB-61DD-4864-A159-39292D339DA2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.3 /10