This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
Synopsis :
It is possible to bypass authentication and make calls using the
remote VoIP service.
Description :
The version of Asterisk installed on the remote host allows
unauthenticated calls via the SIP channel driver. Using a specially
crafted From header, a remote attacker can bypass authentication and
make calls into the context specified in the 'general' section of
See also :
Solution :
Upgrade to Asterisk 1.2.27 / 220.127.116.11 / 1.4.19-rc3 / 1.6.0-beta6,
Asterisk Business Edition B.2.5.1 / C.1.6.2, AsteriskNOW 1.0.2, Asterisk
Appliance Developer Kit 1.4 revision 109393, s800i (Asterisk Appliance)
18.104.22.168 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Nessus Plugin ID: 32135 (asterisk_sip_auth_bypass.nasl)
Bugtraq ID: 28310
CVE ID: CVE-2008-1332