CVE-2009-0041
Last modified
CVE-2009-0041 is a vulnerability of currently unknown severity. IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.. EPSS estimates a 2.71% chance of exploitation in the next 30 days.
Description
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Asterisk | Asterisk Business Edition | <= b.2.5.2 | — |
| Asterisk | Asterisk Business Edition | <= c.1.0 | Beta8 |
| Asterisk | Asterisk Business Edition | a | — |
| Asterisk | Asterisk Business Edition | b.1.3.2 | — |
| Asterisk | Asterisk Business Edition | b.1.3.3 | — |
| Asterisk | Asterisk Business Edition | b.2.2.0 | — |
| Asterisk | Asterisk Business Edition | b.2.2.1 | — |
| Asterisk | Asterisk Business Edition | b.2.3.1 | — |
| Asterisk | Asterisk Business Edition | b.2.3.2 | — |
| Asterisk | Asterisk Business Edition | b.2.3.3 | — |
| Asterisk | Asterisk Business Edition | b.2.3.4 | — |
| Asterisk | Asterisk Business Edition | b.2.3.5 | — |
| Asterisk | Asterisk Business Edition | b.2.3.6 | — |
| Asterisk | Asterisk Business Edition | b.2.5.0 | — |
| Asterisk | Asterisk Business Edition | b.2.5.1 | — |
| Asterisk | Asterisk Business Edition | b.2.5.3 | — |
| Asterisk | Asterisk Business Edition | c.1.0 | Beta7 |
| Asterisk | Open Source | <= 1.2.30.4 | — |
| Asterisk | Open Source | <= 1.4.23 | Rc3 |
| Asterisk | Open Source | <= 1.6.0.3 | Rc1 |
| Asterisk | Open Source | 1.2.0 | — |
| Asterisk | Open Source | 1.2.0beta1 | — |
| Asterisk | Open Source | 1.2.0beta2 | — |
| Asterisk | Open Source | 1.2.1 | — |
| Asterisk | Open Source | 1.2.2 | — |
| Asterisk | Open Source | 1.2.3 | — |
| Asterisk | Open Source | 1.2.10 | — |
| Asterisk | Open Source | 1.2.11 | — |
| Asterisk | Open Source | 1.2.12 | — |
| Asterisk | Open Source | 1.2.12.1 | — |
| Asterisk | Open Source | 1.2.13 | — |
| Asterisk | Open Source | 1.2.14 | — |
| Asterisk | Open Source | 1.2.15 | — |
| Asterisk | Open Source | 1.2.16 | — |
| Asterisk | Open Source | 1.2.17 | — |
| Asterisk | Open Source | 1.2.18 | — |
| Asterisk | Open Source | 1.2.19 | — |
| Asterisk | Open Source | 1.2.20 | — |
| Asterisk | Open Source | 1.2.21 | — |
| Asterisk | Open Source | 1.2.21.1 | — |
| Asterisk | Open Source | 1.2.22 | — |
| Asterisk | Open Source | 1.2.23 | — |
| Asterisk | Open Source | 1.2.24 | — |
| Asterisk | Open Source | 1.2.25 | — |
| Asterisk | Open Source | 1.2.26 | — |
| Asterisk | Open Source | 1.2.26.1 | — |
| Asterisk | Open Source | 1.2.26.2 | — |
| Asterisk | Open Source | 1.2.27 | — |
| Asterisk | Open Source | 1.2.28 | — |
| Asterisk | Open Source | 1.2.29 | — |
Showing 50 of 96 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-0041?
How severe is CVE-2009-0041?
How do I fix CVE-2009-0041?
Are you affected by CVE-2009-0041?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST