This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
Synopsis :
The remote VoIP service can be abused to conduct an amplification
attack against third-party hosts.
Description :
The firmware download protocol implemented in the version of Asterisk
installed on the remote host does not initiate a handshake. By spoofing
an IAX2 FWDOWNL request, an unauthenticated, remote attacker may be able
to leverage this issue to flood a third-party host with unwanted
firmware packets from the affected host.
See also :
Solution :
Upgrade to Asterisk Open Source 126.96.36.199 / 1.2.30, Asterisk Business
Edition C.2.0.3 / C.1.10.3 / B.2.5.4, s800i (Asterisk Appliance) 188.8.131.52
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: Denial of Service
Nessus Plugin ID: 33564 (asterisk_iax2_spoofed_fwdownl.nasl)
Bugtraq ID: 30350
CVE ID: CVE-2008-3264