Denial of Service Vulnerability in Asterisk Firmware Download Implementation
CVE-2008-3264

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk Appliance Developer Kit; Asterisk Business Edition; Asterisknow; Open Source
Vendor: CVE Published:; 24 July 2008

Summary

The FWDOWNL firmware-download process in Asterisk Open Source versions prior to 1.2.30 and 1.4.21.2, along with certain Business Edition products, is susceptible to a remote denial of service attack. Attackers can exploit this vulnerability by sending specially crafted IAX2 FWDOWNL requests, leading to traffic amplification and subsequent denial of service conditions for affected systems. Proper security measures and patches should be applied to mitigate this risk.

References

http://www.securitytracker.com/id?1020536

vdb-entryx_refsource_SECTRACK

http://security.gentoo.org/glsa/glsa-200905-01.xml

vendor-advisoryx_refsource_GENTOO

http://secunia.com/advisories/31194

third-party-advisoryx_refsource_SECUNIA

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 24, 2008
Vulnerability Reserved
Jul 22, 2008