Denial of Service Vulnerability in Asterisk Products by Digium
CVE-2008-1923

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk Business Edition; Open Source; S800i; Asterisknow
Vendor: CVE Published:; 23 April 2008

What is CVE-2008-1923?

The IAX2 channel driver in Asterisk, when configured to permit unauthenticated calls, is susceptible to a denial of service attack. This occurs when the system sends 'early audio' to an unverified source IP address in response to a spoofed NEW message, allowing remote attackers to leverage this feature for traffic amplification, potentially overwhelming the service and disrupting communication.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/42049

vdb-entryx_refsource_XF

http://downloads.digium.com/pub/security/AST-2008-006.html

x_refsource_CONFIRM

http://bugs.digium.com/view.php?id=10078

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2008
Vulnerability Reserved
Apr 23, 2008