This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The version of Asterisk installed on the remote host may be affected
by multiple denial of service vulnerabilities.
According to the version in its SIP banner, the version of Asterisk
running on the remote host may be affected by multiple denial of
service vulnerabilities:
- On systems that have the Asterisk Manager interface, Skinny, SIP over TCP, or the built-in HTTP server enabled, it is possible for an attacker to open an unlimited number of connections to Asterisk, which would cause Asterisk to run out of available file descriptors and stop processing any new calls. (AST-2011-005)
- It is possible for a user to bypass a security check and execute shell commands when they should not have that ability. Note that only users with the 'system' privilege should be able to do this. (AST-2011-006)
Upgrade to Asterisk 184.108.40.206 / 220.127.116.11 / 18.104.22.168.3 / 22.214.171.124 /
Business Edition C.3.6.4 or later.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.4
Public Exploit Available : true
Family: Denial of Service
Nessus Plugin ID: 53544
Bugtraq ID: 47537
CVE ID: CVE-2011-1507, CVE-2011-1599