Vulnerability in Digium Asterisk
CVE-2015-3008
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS de…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.390 (97.4th percentile)
Affected products
- Digium Asterisk — versions 1.8.0, 1.8.1, 1.8.1.1
- Digium Certified Asterisk — versions 1.8.0.0, 1.8.1.0, 1.8.2.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_MISC)
- 74022 (vdb-entry, x_refsource_BID)
- MDVSA-2015:206 (vendor-advisory, x_refsource_MANDRIVA)
- cve@mitre.org (x_refsource_CONFIRM)
- 1032052 (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit (mailing-list, x_refsource_FULLDISC)
- 20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit (mailing-list, x_refsource_BUGTRAQ)
- DSA-3700 (vendor-advisory, x_refsource_DEBIAN)
- FEDORA-2015-5948 (x_refsource_FEDORA, vendor-advisory)
Frequently asked questions
- What is CVE-2015-3008?
  CVE-2015-3008 is a vulnerability in Digium Asterisk, classified under Cryptographic Issues. Published 2015-04-10.
- Is CVE-2015-3008 known to be exploited?
  1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.