This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.
The remote VoIP service is susceptible to a denial of service attack.
The version of Asterisk running on the remote host appears to be using
an older implementation of the IAX2 protocol that does not support
call token validation. Due to a design flaw in the protocol, a remote
attacker could send a large number of messages, exhausting all
available call numbers in the process. This would result in a denial
of service to legitimate users.
See also :
Upgrade to the relevant version of Asterisk referenced in the
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true