CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1390

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile14.09th
PublishedMar 24, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

Affected Platforms (CPE)

πŸ“¦
Asterisk

Asterisk

= 1.4.1
πŸ“¦
Asterisk

Asterisk

= 1.4.2
πŸ“¦
Asterisk

Asterisk

= 1.4.3
πŸ“¦
Asterisk

Asterisk

= 1.4.4
πŸ“¦
Asterisk

Asterisk

= 1.4.5
πŸ“¦
Asterisk

Asterisk

= 1.4.6
πŸ“¦
Asterisk

Asterisk

= 1.4.7
πŸ“¦
Asterisk

Asterisk

= 1.4.8
πŸ“¦
Asterisk

Asterisk

= 1.4.9
πŸ“¦
Asterisk

Asterisk

= 1.4.10
πŸ“¦
Asterisk

Asterisk

= 1.4.11
πŸ“¦
Asterisk

Asterisk

= 1.4.12
πŸ“¦
Asterisk

Asterisk

= 1.4.13
πŸ“¦
Asterisk

Asterisk

= 1.4.14
πŸ“¦
Asterisk

Asterisk

= 1.4.15
πŸ“¦
Asterisk

Asterisk

= 1.4.16
πŸ“¦
Asterisk

Asterisk

= 1.4.17
πŸ“¦
Asterisk

Asterisk

= 1.4.18.1
πŸ“¦
Asterisk

Asterisk

= 1.4_beta
πŸ“¦
Asterisk

Asterisk

= 1.4_revision_95946
πŸ“¦
Asterisk

Asterisk

= 1.6
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

= 0.2
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

= 0.3
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

= 0.4
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

= 0.5
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

= 0.6
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

= 0.7
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

= 0.8
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

= 1.4
πŸ“¦
Asterisk

Asterisk Business Edition

= c.1.0-beta7
πŸ“¦
Asterisk

Asterisk Business Edition

= c.1.0-beta8
πŸ“¦
Asterisk

Asterisknow

= 1.0
πŸ“¦
Asterisk

Asterisknow

= beta_5
πŸ“¦
Asterisk

Asterisknow

= beta_6
πŸ“¦
Asterisk

Asterisknow

= beta_7
πŸ“¦
Asterisk

S800i

= 1.0
πŸ“¦
Asterisk

S800i

= 1.0.1
πŸ“¦
Asterisk

S800i

= 1.0.2
πŸ“¦
Asterisk

S800i

= 1.0.3
πŸ“¦
Asterisk

S800i

= 1.1.0

References & Advisories

πŸ”— http://downloads.digium.com/pub/security/AST-2008-005.html
πŸ”— http://secunia.com/advisories/29449
πŸ”— http://secunia.com/advisories/29470
πŸ”— http://securityreason.com/securityalert/3764
πŸ”— http://www.securityfocus.com/archive/1/489819/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/28316
πŸ”— http://www.securitytracker.com/id?1019679
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41304

Related Vulnerabilities

CVE-2007-248810.0

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attacke...

CVE-2017-141009.8

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13...

CVE-2007-37629.3

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edit...

CVE-2011-15999.0

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17...