CVE-2008-1390
CRITICAL
9.3
CVSS Severity Score
Vulnerability Description
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Affected Platforms (CPE)
📦
Asterisk
Asterisk
= 1.4.1📦
Asterisk
Asterisk
= 1.4.2📦
Asterisk
Asterisk
= 1.4.3📦
Asterisk
Asterisk
= 1.4.4📦
Asterisk
Asterisk
= 1.4.5📦
Asterisk
Asterisk
= 1.4.6📦
Asterisk
Asterisk
= 1.4.7📦
Asterisk
Asterisk
= 1.4.8📦
Asterisk
Asterisk
= 1.4.9📦
Asterisk
Asterisk
= 1.4.10📦
Asterisk
Asterisk
= 1.4.11📦
Asterisk
Asterisk
= 1.4.12📦
Asterisk
Asterisk
= 1.4.13📦
Asterisk
Asterisk
= 1.4.14📦
Asterisk
Asterisk
= 1.4.15📦
Asterisk
Asterisk
= 1.4.16📦
Asterisk
Asterisk
= 1.4.17📦
Asterisk
Asterisk
= 1.4.18.1📦
Asterisk
Asterisk
= 1.4_beta📦
Asterisk
Asterisk
= 1.4_revision_95946📦
Asterisk
Asterisk
= 1.6📦
Asterisk
Asterisk Appliance Developer Kit
= 0.2📦
Asterisk
Asterisk Appliance Developer Kit
= 0.3📦
Asterisk
Asterisk Appliance Developer Kit
= 0.4📦
Asterisk
Asterisk Appliance Developer Kit
= 0.5📦
Asterisk
Asterisk Appliance Developer Kit
= 0.6📦
Asterisk
Asterisk Appliance Developer Kit
= 0.7📦
Asterisk
Asterisk Appliance Developer Kit
= 0.8📦
Asterisk
Asterisk Appliance Developer Kit
= 1.4📦
Asterisk
Asterisk Business Edition
= c.1.0-beta7📦
Asterisk
Asterisk Business Edition
= c.1.0-beta8📦
Asterisk
Asterisknow
= 1.0📦
Asterisk
Asterisknow
= beta_5📦
Asterisk
Asterisknow
= beta_6📦
Asterisk
Asterisknow
= beta_7📦
Asterisk
S800i
= 1.0📦
Asterisk
S800i
= 1.0.1📦
Asterisk
S800i
= 1.0.2📦
Asterisk
S800i
= 1.0.3📦
Asterisk