HIGH · 9.3

CVE-2008-1390

Vulnerability Description

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

CVSS Score

9.3

HIGH

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor | Product | Versions
Asterisk | Asterisk | 1.4.1
Asterisk | Asterisk Appliance Developer Kit | 0.2
Asterisk | Asterisk Business Edition | c.1.0-beta7
Asterisk | Asterisknow | 1.0
Asterisk | S800I | 1.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2008-1390?

CVE-2008-1390 is a vulnerability with a CVSS score of 9.3 (HIGH). The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before ...

How severe is CVE-2008-1390?

CVE-2008-1390 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1390?

Check the references section above for vendor advisories and patch information. Affected products include: Asterisk Asterisk, Asterisk Asterisk Appliance Developer Kit, Asterisk Asterisk Business Edition, Asterisk Asterisknow, Asterisk S800I.