This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.
The remote VoIP service is susceptible to a denial of service attack.
The version of Asterisk running on the remote host appears to be using
an older implementation of the IAX2 protocol that does not support
call token validation. Due to a design flaw in the protocol, a remote
attacker could send a large number of messages, exhausting all
available call numbers in the process. This would result in a denial
of service to legitimate users.
See also :
Upgrade to the relevant version of Asterisk referenced in the
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: Denial of Service
Nessus Plugin ID: 40885 (asterisk_iax2_call_number_dos.nasl)
Bugtraq ID: 36275
CVE ID: CVE-2009-2346
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.