Vulnerability Details : CVE-2007-6430
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2007-6430
Probability of exploitation activity in the next 30 days: 0.60%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-6430
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2007-6430
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6430
- http://www.debian.org/security/2008/dsa-1525
-
http://securityreason.com/securityalert/3467
-
http://www.securityfocus.com/bid/26928
-
http://downloads.digium.com/pub/security/AST-2007-027.html
-
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
[security-announce] SUSE Security Summary Report SUSE-SR:2008:005 - openSUSE Security Announce - openSUSE Mailing Lists
- http://security.gentoo.org/glsa/glsa-200804-13.xml
-
http://www.securityfocus.com/archive/1/485287/100/0/threaded
-
http://www.vupen.com/english/advisories/2007/4260
-
http://www.securitytracker.com/id?1019110
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39124
Products affected by CVE-2007-6430
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0beta7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*