The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors | Products |
---|---|
Digium |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2011-12-15T02:00:00
Updated: 2012-09-01T09:00:00
Reserved: 2011-11-29T00:00:00
Link: CVE-2011-4597
JSON object: View
NVD Information
Status : Modified
Published: 2011-12-15T03:57:34.310
Modified: 2012-11-06T05:04:03.563
Link: CVE-2011-4597
JSON object: View
Redhat Information
No data.
CWE