Strix
26.1K

CVE-2007-6430

UnknownEPSS 1.95%

Last modified

CVE-2007-6430 is a vulnerability of currently unknown severity. Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.. EPSS estimates a 1.95% chance of exploitation in the next 30 days.

Description

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

Metrics

EPSS Probability
1.95%

77.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AsteriskAsterisk Business Editionb.1.3.2
AsteriskAsterisk Business Editionb.1.3.3
AsteriskAsterisk Business Editionb.2.2.0
AsteriskAsterisk Business Editionb.2.2.1
AsteriskAsterisk Business Editionb.2.3.1
AsteriskAsterisk Business Editionb.2.3.2
AsteriskAsterisk Business Editionb.2.3.3
AsteriskAsterisk Business Editionb.2.3.4
AsteriskAsterisk Business Editionc.1.0beta7
AsteriskOpen Source1.2.0beta1
AsteriskOpen Source1.2.0beta2
AsteriskOpen Source1.2.5
AsteriskOpen Source1.2.6
AsteriskOpen Source1.2.7
AsteriskOpen Source1.2.8
AsteriskOpen Source1.2.9
AsteriskOpen Source1.2.10
AsteriskOpen Source1.2.11
AsteriskOpen Source1.2.13
AsteriskOpen Source1.2.14
AsteriskOpen Source1.2.15
AsteriskOpen Source1.2.16
AsteriskOpen Source1.2.17
AsteriskOpen Source1.2.18
AsteriskOpen Source1.2.19
AsteriskOpen Source1.2.21
AsteriskOpen Source1.2.22
AsteriskOpen Source1.2.23
AsteriskOpen Source1.2.24
AsteriskOpen Source1.2.25
AsteriskOpen Source1.4.1
AsteriskOpen Source1.4.2
AsteriskOpen Source1.4.3
AsteriskOpen Source1.4.4
AsteriskOpen Source1.4.5
AsteriskOpen Source1.4.6
AsteriskOpen Source1.4.7
AsteriskOpen Source1.4.8
AsteriskOpen Source1.4.9
AsteriskOpen Source1.4.10
AsteriskOpen Source1.4.11
AsteriskOpen Source1.4.12
AsteriskOpen Source1.4.13
AsteriskOpen Source1.4.14
AsteriskOpen Source1.4.15
AsteriskOpen Source1.4beta

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-6430?
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
How severe is CVE-2007-6430?
Severity scoring for CVE-2007-6430 is pending analysis. The EPSS model estimates a 1.95% probability of exploitation in the next 30 days.
How do I fix CVE-2007-6430?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-6430?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST