Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2009-0041
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- Partial
- Availability Impact
- None
- Integrity Impact
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.23:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:rc4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta7:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.19:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:rc5:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta7:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.23:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:*:rc3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.20:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta5:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4_revision_95946:*:*:*:*:*: |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.21.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.21:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:*:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta7.1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:rc6:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.19:rc4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:*:beta8:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.20:rc3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:h:asterisk:s800i_appliance:1.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta8:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.22:rc3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.22.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.19.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta9:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0:beta4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.6.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.21:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.21.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.19:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.20:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.4.22:rc4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.securityfocus.com/bid/33174
- http://securityreason.com/securityalert/4910
- http://downloads.digium.com/pub/security/AST-2009-001.html
- http://secunia.com/advisories/33453
- http://www.securitytracker.com/id?1021549
- http://security.gentoo.org/glsa/glsa-200905-01.xml
- http://secunia.com/advisories/34982
- http://secunia.com/advisories/37677
- http://www.debian.org/security/2009/dsa-1952
- http://www.vupen.com/english/advisories/2009/0063
- http://www.securityfocus.com/archive/1/499884/100/0/threaded