Sign-up

ID

VAR-201910-0001


CVE

CVE-2009-3723


TITLE

asterisk Vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2009-006633

DESCRIPTION

asterisk allows calls on prohibited networks. asterisk Contains an unauthorized authentication vulnerability.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2009-3723 // JVNDB: JVNDB-2009-006633

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.6

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.6

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.6

vendor:sangomamodel:asteriskscope:gteversion:1.6.1

Trust: 1.0

vendor:sangomamodel:asteriskscope:ltversion:1.6.1.8

Trust: 1.0

vendor:asteriskmodel:open sourcescope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:asteriskmodel:open sourcescope:eqversion:1.6.1.4

Trust: 0.6

vendor:asteriskmodel:open sourcescope:eqversion:1.6.1

Trust: 0.6

sources: JVNDB: JVNDB-2009-006633 // CNNVD: CNNVD-201910-1671 // NVD: CVE-2009-3723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3723
value: HIGH

Trust: 1.0

NVD: CVE-2009-3723
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-1671
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2009-3723
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2009-3723
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2009-3723
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2009-006633 // CNNVD: CNNVD-201910-1671 // NVD: CVE-2009-3723

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.8

sources: JVNDB: JVNDB-2009-006633 // NVD: CVE-2009-3723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1671

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-1671

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-006633

PATCH
title:AST-2009-007url:http://downloads.asterisk.org/pub/security/AST-2009-007.html
Trust: 0.8
title:CVE-2009-3723url:https://security-tracker.debian.org/tracker/CVE-2009-3723
Trust: 0.8
title:Digium Asterisk Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101439
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2009-006633 // 
            
            
            
            CNNVD: CNNVD-201910-1671

EXTERNAL IDS
db:NVDid:CVE-2009-3723
Trust: 2.4
db:JVNDBid:JVNDB-2009-006633
Trust: 0.8
db:CNNVDid:CNNVD-201910-1671
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2009-006633 // 
            
            
            
            CNNVD: CNNVD-201910-1671 // 
            
            
            
            NVD: CVE-2009-3723

REFERENCES
url:https://security-tracker.debian.org/tracker/cve-2009-3723
Trust: 1.6
url:https://access.redhat.com/security/cve/cve-2009-3723
Trust: 1.6
url:http://downloads.asterisk.org/pub/security/ast-2009-007.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2009-3723
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3723
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-006633 // 
            
            
            
            CNNVD: CNNVD-201910-1671 // 
            
            
            
            NVD: CVE-2009-3723

SOURCES
db:JVNDBid:JVNDB-2009-006633
db:CNNVDid:CNNVD-201910-1671
db:NVDid:CVE-2009-3723

LAST UPDATE DATE
2024-08-16T23:00:11.415000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2009-006633date:2019-11-08T00:00:00
db:CNNVDid:CNNVD-201910-1671date:2019-11-04T00:00:00
db:NVDid:CVE-2009-3723date:2024-08-15T12:44:24.983

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2009-006633date:2019-11-08T00:00:00
db:CNNVDid:CNNVD-201910-1671date:2019-10-29T00:00:00
db:NVDid:CVE-2009-3723date:2019-10-29T19:15:12.377