Vulnerability Description
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Asterisk | b.1.3.2 |
| Asterisk | Open Source | 1.2.0 |
| Asterisk | Opensource | 1.4.23.2 |
| Sangoma | Asterisk | 1.6.1 |
| Asterisk | Appliance S800I | 1.3 |
Related Weaknesses (CWE)
References
- http://downloads.asterisk.org/pub/security/AST-2009-006.html (Vendor Advisory)
- http://secunia.com/advisories/36593 (Vendor Advisory)
- http://securitytracker.com/id?1022819
- http://www.securityfocus.com/archive/1/506257/100/0/threaded
- http://www.securityfocus.com/bid/36275
FAQ
What is CVE-2009-2346?
CVE-2009-2346 is a vulnerability with a CVSS score of 7.8 (HIGH). The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x ...
How severe is CVE-2009-2346?
CVE-2009-2346 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2346?
Check the references section above for vendor advisories and patch information. Affected products include: Asterisk Asterisk, Asterisk Open Source, Asterisk Opensource, Sangoma Asterisk, Asterisk Appliance S800I.