What is the severity of CVE-2007-2294?

CVE-2007-2294 has a severity rating that indicates a denial of service vulnerability allowing remote attackers to cause crashes.

How do I fix CVE-2007-2294?

To fix CVE-2007-2294, upgrade Asterisk to a version that is not vulnerable, specifically 1.2.18 or 1.4.3 and later.

Which Asterisk versions are affected by CVE-2007-2294?

CVE-2007-2294 affects Asterisk versions prior to 1.2.18 and all versions in the 1.4.x branch before 1.4.3.

What type of attack exploits CVE-2007-2294?

CVE-2007-2294 can be exploited through a remote denial of service attack using MD5 authentication without a defined password.

Is it possible to mitigate CVE-2007-2294?

Mitigation for CVE-2007-2294 involves disabling the Manager Interface or implementing strong password policies until the software can be upgraded.

Vulnerability/
CVE-2007-2294

high

7.8

CWE

NVD-CWE-Other 476

26/4/2007

7/8/2024

CVE-2007-2294: Null Pointer Dereference

First published: Thu Apr 26 2007(Updated: )

The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Asterisk	=1.2.14
Asterisk	=1.2.16
Asterisk	=1.2.5
Asterisk	=1.4_beta
Asterisk	=1.2.6
Asterisk	=1.2.7
Asterisk	=1.2.0_beta1
Asterisk	=1.2.8
Asterisk	=1.4.2
Asterisk	=1.2.15
Asterisk	=1.2.17
Asterisk	=1.2.11
Asterisk	=1.2.12
Asterisk	=1.2.10
Asterisk	=1.2.9
Asterisk	=1.2.13
Asterisk	=1.2.0_beta2
Asterisk	=1.4.1

Remedy

http://secunia.com/advisories/24977

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-2294?
CVE-2007-2294 has a severity rating that indicates a denial of service vulnerability allowing remote attackers to cause crashes.
How do I fix CVE-2007-2294?
To fix CVE-2007-2294, upgrade Asterisk to a version that is not vulnerable, specifically 1.2.18 or 1.4.3 and later.
Which Asterisk versions are affected by CVE-2007-2294?
CVE-2007-2294 affects Asterisk versions prior to 1.2.18 and all versions in the 1.4.x branch before 1.4.3.
What type of attack exploits CVE-2007-2294?
CVE-2007-2294 can be exploited through a remote denial of service attack using MD5 authentication without a defined password.
Is it possible to mitigate CVE-2007-2294?
Mitigation for CVE-2007-2294 involves disabling the Manager Interface or implementing strong password policies until the software can be upgraded.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/weakness
agent/last-modified-date
agent/author
agent/first-publish-date
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/asterisk
canonical/asterisk
version/asterisk/1.2.14
version/asterisk/1.2.16
version/asterisk/1.2.5
version/asterisk/1.4_beta
version/asterisk/1.2.6
version/asterisk/1.2.7
version/asterisk/1.2.0_beta1
version/asterisk/1.2.8
version/asterisk/1.4.2
version/asterisk/1.2.15
version/asterisk/1.2.17
version/asterisk/1.2.11
version/asterisk/1.2.12
version/asterisk/1.2.10
version/asterisk/1.2.9
version/asterisk/1.2.13
version/asterisk/1.2.0_beta2
version/asterisk/1.4.1

Frequently Asked Questions

What is the severity of CVE-2007-2294?
CVE-2007-2294 has a severity rating that indicates a denial of service vulnerability allowing remote attackers to cause crashes.
How do I fix CVE-2007-2294?
To fix CVE-2007-2294, upgrade Asterisk to a version that is not vulnerable, specifically 1.2.18 or 1.4.3 and later.
Which Asterisk versions are affected by CVE-2007-2294?
CVE-2007-2294 affects Asterisk versions prior to 1.2.18 and all versions in the 1.4.x branch before 1.4.3.
What type of attack exploits CVE-2007-2294?
CVE-2007-2294 can be exploited through a remote denial of service attack using MD5 authentication without a defined password.
Is it possible to mitigate CVE-2007-2294?
Mitigation for CVE-2007-2294 involves disabling the Manager Interface or implementing strong password policies until the software can be upgraded.

CVE-2007-2294: Null Pointer Dereference

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-2294?

How do I fix CVE-2007-2294?

Which Asterisk versions are affected by CVE-2007-2294?

What type of attack exploits CVE-2007-2294?

Is it possible to mitigate CVE-2007-2294?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2007-2294?

How do I fix CVE-2007-2294?

Which Asterisk versions are affected by CVE-2007-2294?

What type of attack exploits CVE-2007-2294?

Is it possible to mitigate CVE-2007-2294?