← Back

CVE-2007-6430

nvd nist
Published: Dec 20, 2007Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

Affected (46)

Asterisk
2 products
Asterisk Business Edition
Open Source
Configuration A
46 vulnerable
Vulnerable SoftwareAffected Versions
Asterisk
Asterisk Business Edition
Version b.1.3.2
Asterisk Business Edition
Version b.1.3.3
Asterisk Business Edition
Version b.2.2.0
Asterisk Business Edition
Version b.2.2.1
Asterisk Business Edition
Version b.2.3.1
Asterisk Business Edition
Version b.2.3.2
Asterisk Business Edition
Version b.2.3.3
Asterisk Business Edition
Version b.2.3.4
Asterisk Business Edition
Version c.1.0beta7
Asterisk
Open Source
Version 1.2.0beta1
Open Source
Version 1.2.0beta2
Open Source
Version 1.2.10
Open Source
Version 1.2.11
Open Source
Version 1.2.13
Open Source
Version 1.2.14
Open Source
Version 1.2.15
Open Source
Version 1.2.16
Open Source
Version 1.2.17
Open Source
Version 1.2.18
Open Source
Version 1.2.19
Open Source
Version 1.2.21
Open Source
Version 1.2.22
Open Source
Version 1.2.23
Open Source
Version 1.2.24
Open Source
Version 1.2.25
Open Source
Version 1.2.5
Open Source
Version 1.2.6
Open Source
Version 1.2.7
Open Source
Version 1.2.8
Open Source
Version 1.2.9
Open Source
Version 1.4.10
Open Source
Version 1.4.11
Open Source
Version 1.4.12
Open Source
Version 1.4.13
Open Source
Version 1.4.14
Open Source
Version 1.4.15
Open Source
Version 1.4.1
Open Source
Version 1.4.2
Open Source
Version 1.4.3
Open Source
Version 1.4.4
Open Source
Version 1.4.5
Open Source
Version 1.4.6
Open Source
Version 1.4.7
Open Source
Version 1.4.8
Open Source
Version 1.4.9
Open Source
Version 1.4beta

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (30)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.