Unauthenticated Call Handling Flaw in Asterisk Voice Communication Software
CVE-2008-1897

Currently unrated

Key Information:

Vendor

Asterisk

Status
Asterisk Business Edition
Asterisk Appliance Developer Kit
Open Source
S800i
Vendor
CVE Published:
23 April 2008

What is CVE-2008-1897?

The IAX2 channel driver in Asterisk versions prior to specified releases fails to validate the call identifier in ACK responses for unauthenticated calls. This oversight enables remote attackers to exploit the system by sending spoofed ACK responses, disrupting the normal traffic flow and potentially leading to service outages. This vulnerability underscores the importance of stringent authentication and verification mechanisms in VoIP systems to mitigate potential attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://security.gentoo.org/glsa/glsa-200905-01.xml
vendor-advisory
http://secunia.com/advisories/29927
third-party-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41966
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.