CVE-2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.

Published: Jul 24, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3264
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
asterisk / asterisk_appliance_developer_kit	0.2	0.2.x
asterisk / asterisk_appliance_developer_kit	0.3	0.3.x
asterisk / asterisk_appliance_developer_kit	0.4	0.4.x
asterisk / asterisk_appliance_developer_kit	0.5	0.5.x
asterisk / asterisk_appliance_developer_kit	0.6	0.6.x
asterisk / asterisk_appliance_developer_kit	0.6.0	0.6.0.x
asterisk / asterisk_appliance_developer_kit	0.7	0.7.x
asterisk / asterisk_appliance_developer_kit	0.8	0.8.x
asterisk / asterisk_business_edition	a	a.x
asterisk / asterisk_business_edition	b	b.x
asterisk / asterisk_business_edition	b.1.3.2	b.1.3.2.x
asterisk / asterisk_business_edition	b.1.3.3	b.1.3.3.x
asterisk / asterisk_business_edition	b.2.2.0	b.2.2.0.x
asterisk / asterisk_business_edition	b.2.2.1	b.2.2.1.x
asterisk / asterisk_business_edition	b.2.3.1	b.2.3.1.x
asterisk / asterisk_business_edition	b.2.3.2	b.2.3.2.x
asterisk / asterisk_business_edition	b.2.3.3	b.2.3.3.x
asterisk / asterisk_business_edition	b.2.3.4	b.2.3.4.x
asterisk / asterisk_business_edition	b.2.3.6	b.2.3.6.x
asterisk / asterisk_business_edition	b.2.5.0	b.2.5.0.x
asterisk / asterisk_business_edition	b.2.5.3	b.2.5.3.x
asterisk / asterisk_business_edition	b2.5.1	b2.5.1.x
asterisk / asterisk_business_edition	b2.5.2	b2.5.2.x
asterisk / asterisk_business_edition	c	c.x
asterisk / asterisk_business_edition	c.1.0-beta7	c.1.0-beta7.x
asterisk / asterisk_business_edition	c.1.0-beta8	c.1.0-beta8.x
asterisk / asterisk_business_edition	c.1.6	c.1.6.x
asterisk / asterisk_business_edition	c.1.6.1	c.1.6.1.x
asterisk / asterisk_business_edition	c.1.6.2	c.1.6.2.x
asterisk / asterisk_business_edition	c1.8.0	c1.8.0.x
asterisk / asterisk_business_edition	c1.8.1	c1.8.1.x
asterisk / asterisknow	beta_5	beta_5.x
asterisk / asterisknow	beta_6	beta_6.x
asterisk / asterisknow	beta_7	beta_7.x
asterisk / asterisknow	pre-release	pre-release.x
asterisk / open_source	1.0	1.0.x
asterisk / open_source	1.0.0	1.0.0.x
asterisk / open_source	1.0.1	1.0.1.x
asterisk / open_source	1.0.2	1.0.2.x
asterisk / open_source	1.0.3	1.0.3.x
asterisk / open_source	1.0.3.4	1.0.3.4.x
asterisk / open_source	1.0.4	1.0.4.x
asterisk / open_source	1.0.5	1.0.5.x
asterisk / open_source	1.0.6	1.0.6.x
asterisk / open_source	1.0.7	1.0.7.x
asterisk / open_source	1.0.8	1.0.8.x
asterisk / open_source	1.0.9	1.0.9.x
asterisk / open_source	1.0.11	1.0.11.x
asterisk / open_source	1.0.11.1	1.0.11.1.x
asterisk / open_source	1.0.12	1.0.12.x
asterisk / open_source	1.2.0	1.2.0.x
asterisk / open_source	1.2.0beta1	1.2.0beta1.x
asterisk / open_source	1.2.0beta2	1.2.0beta2.x
asterisk / open_source	1.2.1	1.2.1.x
asterisk / open_source	1.2.2	1.2.2.x
asterisk / open_source	1.2.3	1.2.3.x
asterisk / open_source	1.2.4	1.2.4.x
asterisk / open_source	1.2.5	1.2.5.x
asterisk / open_source	1.2.6	1.2.6.x
asterisk / open_source	1.2.7	1.2.7.x
asterisk / open_source	1.2.7.1	1.2.7.1.x
asterisk / open_source	1.2.8	1.2.8.x
asterisk / open_source	1.2.9	1.2.9.x
asterisk / open_source	1.2.9.1	1.2.9.1.x
asterisk / open_source	1.2.10	1.2.10.x
asterisk / open_source	1.2.11	1.2.11.x
asterisk / open_source	1.2.12	1.2.12.x
asterisk / open_source	1.2.12.1	1.2.12.1.x
asterisk / open_source	1.2.13	1.2.13.x
asterisk / open_source	1.2.14	1.2.14.x
asterisk / open_source	1.2.15	1.2.15.x
asterisk / open_source	1.2.16	1.2.16.x
asterisk / open_source	1.2.17	1.2.17.x
asterisk / open_source	1.2.18	1.2.18.x
asterisk / open_source	1.2.19	1.2.19.x
asterisk / open_source	1.2.20	1.2.20.x
asterisk / open_source	1.2.21	1.2.21.x
asterisk / open_source	1.2.21.1	1.2.21.1.x
asterisk / open_source	1.2.22	1.2.22.x
asterisk / open_source	1.2.23	1.2.23.x
asterisk / open_source	1.2.24	1.2.24.x
asterisk / open_source	1.2.25	1.2.25.x
asterisk / open_source	1.2.26	1.2.26.x
asterisk / open_source	1.2.26.1	1.2.26.1.x
asterisk / open_source	1.2.26.2	1.2.26.2.x
asterisk / open_source	1.2.27	1.2.27.x
asterisk / open_source	1.2.28	1.2.28.x
asterisk / open_source	1.2.29	1.2.29.x
asterisk / open_source	1.4.0	1.4.0.x
asterisk / open_source	1.4.1	1.4.1.x
asterisk / open_source	1.4.2	1.4.2.x
asterisk / open_source	1.4.3	1.4.3.x
asterisk / open_source	1.4.4	1.4.4.x
asterisk / open_source	1.4.5	1.4.5.x
asterisk / open_source	1.4.6	1.4.6.x
asterisk / open_source	1.4.7	1.4.7.x
asterisk / open_source	1.4.7.1	1.4.7.1.x
asterisk / open_source	1.4.8	1.4.8.x
asterisk / open_source	1.4.9	1.4.9.x
asterisk / open_source	1.4.10	1.4.10.x
asterisk / open_source	1.4.10.1	1.4.10.1.x
asterisk / open_source	1.4.11	1.4.11.x
asterisk / open_source	1.4.12	1.4.12.x
asterisk / open_source	1.4.12.1	1.4.12.1.x
asterisk / open_source	1.4.13	1.4.13.x
asterisk / open_source	1.4.14	1.4.14.x
asterisk / open_source	1.4.15	1.4.15.x
asterisk / open_source	1.4.16	1.4.16.x
asterisk / open_source	1.4.16.1	1.4.16.1.x
asterisk / open_source	1.4.16.2	1.4.16.2.x
asterisk / open_source	1.4.17	1.4.17.x
asterisk / open_source	1.4.18	1.4.18.x
asterisk / open_source	1.4.18.1	1.4.18.1.x
asterisk / open_source	1.4.19	1.4.19.x
asterisk / open_source	1.4.19.1	1.4.19.1.x
asterisk / open_source	1.4.19_rc3	1.4.19_rc3.x
asterisk / open_source	1.4_revision_95946	1.4_revision_95946.x
asterisk / open_source	1.4beta	1.4beta.x

Vulnerability Database

289,697

CVE-2008-3264