CVE-2009-2346

CVSS V2 High 7.8 CVSS V3 None
Description
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
Overview
  • CVE ID
  • CVE-2009-2346
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-09-08T18:30:00
  • Last Modified Date
  • 2018-10-10T19:39:42
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.2.1:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.3.1:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.3.2:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.3.3:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.3.4:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.3.5:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.3.6:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.5.1:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.5.3:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.5.4:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.5.5:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.5.6:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.5.8:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:b.2.5.9:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.0_beta7:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.0_beta8:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.6:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.6.1:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.6.2:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.8.1:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.10.3:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.10.4:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.1.10.5:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.2.1.2.1:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.2.3:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.2.3.3:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.2.4.2:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:asterisk:c.3.1.0:*:business:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.4:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.5:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.6:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.7:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.7.1:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.8:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.9.1:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.30.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.32:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.33:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.2.34:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc-2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.19.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.20:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.20:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.20:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.21:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.21:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.21.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.21.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.22:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.22:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.22.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.23:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.23:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4.23:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta4:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta5:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta7:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta7.1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta8:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta9:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0:rc6:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.0.3:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.1.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.1.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:open_source:1.6.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:opensource:1.4.23.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:opensource:1.4.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:opensource:1.4.24.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:opensource:1.4.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:asterisk:opensource:1.4.26.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asterisk:appliance_s800i:1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asterisk:appliance_s800i:1.3.0.2:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.8
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.9
History
Created Old Value New Value Data Type Notes
2022-05-10 18:32:37 Added to TrackCVE