chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors | Products |
---|---|
Digium |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2011-07-06T19:00:00
Updated: 2011-09-07T09:00:00
Reserved: 2011-06-27T00:00:00
Link: CVE-2011-2536
JSON object: View
NVD Information
Status : Modified
Published: 2011-07-06T19:55:03.543
Modified: 2011-09-07T03:17:36.083
Link: CVE-2011-2536
JSON object: View
Redhat Information
No data.
CWE