Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-2666 | First vendor Publication | 2011-07-06 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2666 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-16 | Configuration |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18445 | |||
| Oval ID: | oval:org.mitre.oval:def:18445 | ||
| Title: | DSA-2493-1 asterisk - denial of service | ||
| Description: | Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2493-1 CVE-2012-2947 CVE-2012-2948 CVE-2011-2666 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | asterisk |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-08-10 | Name : Debian Security Advisory DSA 2493-1 (asterisk) File : nvt/deb_2493_1.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-21 (Asterisk) File : nvt/glsa_201110_21.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 74352 | Asterisk SIP Channel Driver Default Configuration Invalid SIP Request Usernam... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2493.nasl - Type : ACT_GATHER_INFO |
| 2011-11-22 | Name : A telephony application running on the remote host is affected by an informat... File : asterisk_ast_2011_011.nasl - Type : ACT_GATHER_INFO |
| 2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-21.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:04:44 |
|
| 2024-11-28 12:26:15 |
|
| 2021-05-04 12:14:47 |
|
| 2021-04-22 01:16:06 |
|
| 2020-05-23 00:29:00 |
|
| 2017-08-29 09:23:18 |
|
| 2016-04-26 20:53:03 |
|
| 2014-02-17 11:03:33 |
|
| 2013-05-10 23:03:35 |
|
