CVE-2011-2666

The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
digiumasterisk
1.6.2.0
digiumasterisk
1.6.2.0:rc2
digiumasterisk
1.6.2.0:rc3
digiumasterisk
1.6.2.0:rc4
digiumasterisk
1.6.2.0:rc5
digiumasterisk
1.6.2.0:rc6
digiumasterisk
1.6.2.0:rc7
digiumasterisk
1.6.2.0:rc8
digiumasterisk
1.6.2.1
digiumasterisk
1.6.2.1:rc1
digiumasterisk
1.6.2.2
digiumasterisk
1.6.2.3:rc2
digiumasterisk
1.6.2.4
digiumasterisk
1.6.2.5
digiumasterisk
1.6.2.6
digiumasterisk
1.6.2.6:rc1
digiumasterisk
1.6.2.6:rc2
digiumasterisk
1.6.2.15:rc1
digiumasterisk
1.6.2.16
digiumasterisk
1.6.2.16:rc1
digiumasterisk
1.6.2.16.1
digiumasterisk
1.6.2.16.2
digiumasterisk
1.6.2.17
digiumasterisk
1.6.2.17:rc1
digiumasterisk
1.6.2.17:rc2
digiumasterisk
1.6.2.17:rc3
digiumasterisk
1.6.2.17.1
digiumasterisk
1.6.2.17.2
digiumasterisk
1.6.2.17.3
digiumasterisk
1.6.2.18
digiumasterisk
1.6.2.18:rc1
digiumasterisk
1.6.2.18.1
digiumasterisk
1.6.2.18.2
digiumasterisk
1.4.0
digiumasterisk
1.4.0:beta1
digiumasterisk
1.4.0:beta2
digiumasterisk
1.4.0:beta3
digiumasterisk
1.4.0:beta4
digiumasterisk
1.4.1
digiumasterisk
1.4.2
digiumasterisk
1.4.3
digiumasterisk
1.4.4
digiumasterisk
1.4.5
digiumasterisk
1.4.6
digiumasterisk
1.4.7
digiumasterisk
1.4.7.1
digiumasterisk
1.4.8
digiumasterisk
1.4.9
digiumasterisk
1.4.10
digiumasterisk
1.4.10.1
digiumasterisk
1.4.11
digiumasterisk
1.4.12
digiumasterisk
1.4.12.1
digiumasterisk
1.4.13
digiumasterisk
1.4.14
digiumasterisk
1.4.15
digiumasterisk
1.4.16
digiumasterisk
1.4.16.1
digiumasterisk
1.4.16.2
digiumasterisk
1.4.17
digiumasterisk
1.4.18
digiumasterisk
1.4.19
digiumasterisk
1.4.19:rc1
digiumasterisk
1.4.19:rc2
digiumasterisk
1.4.19:rc3
digiumasterisk
1.4.19:rc4
digiumasterisk
1.4.19.1
digiumasterisk
1.4.19.2
digiumasterisk
1.4.20
digiumasterisk
1.4.20:rc1
digiumasterisk
1.4.20:rc2
digiumasterisk
1.4.20:rc3
digiumasterisk
1.4.20.1
digiumasterisk
1.4.21
digiumasterisk
1.4.21:rc1
digiumasterisk
1.4.21:rc2
digiumasterisk
1.4.21.1
digiumasterisk
1.4.21.2
digiumasterisk
1.4.22
digiumasterisk
1.4.22:rc1
digiumasterisk
1.4.22:rc2
digiumasterisk
1.4.22:rc3
digiumasterisk
1.4.22:rc4
digiumasterisk
1.4.22:rc5
digiumasterisk
1.4.22.1
digiumasterisk
1.4.22.2
digiumasterisk
1.4.23
digiumasterisk
1.4.23:rc1
digiumasterisk
1.4.23:rc2
digiumasterisk
1.4.23:rc3
digiumasterisk
1.4.23:rc4
digiumasterisk
1.4.23.1
digiumasterisk
1.4.23.2
digiumasterisk
1.4.24
digiumasterisk
1.4.24:rc1
digiumasterisk
1.4.24.1
digiumasterisk
1.4.25
digiumasterisk
1.4.25:rc1
digiumasterisk
1.4.25.1
digiumasterisk
1.4.26
digiumasterisk
1.4.26:rc1
digiumasterisk
1.4.26:rc2
digiumasterisk
1.4.26:rc3
digiumasterisk
1.4.26:rc4
digiumasterisk
1.4.26:rc5
digiumasterisk
1.4.26:rc6
digiumasterisk
1.4.26.1
digiumasterisk
1.4.26.2
digiumasterisk
1.4.26.3
digiumasterisk
1.4.27
digiumasterisk
1.4.27:rc1
digiumasterisk
1.4.27:rc2
digiumasterisk
1.4.27:rc3
digiumasterisk
1.4.27:rc4
digiumasterisk
1.4.27:rc5
digiumasterisk
1.4.27.1
digiumasterisk
1.4.28
digiumasterisk
1.4.28:rc1
digiumasterisk
1.4.29
digiumasterisk
1.4.29:rc1
digiumasterisk
1.4.29.1
digiumasterisk
1.4.30
digiumasterisk
1.4.30:rc2
digiumasterisk
1.4.30:rc3
digiumasterisk
1.4.31
digiumasterisk
1.4.31:rc1
digiumasterisk
1.4.31:rc2
digiumasterisk
1.4.32
digiumasterisk
1.4.32:rc1
digiumasterisk
1.4.33
digiumasterisk
1.4.33:rc1
digiumasterisk
1.4.33:rc2
digiumasterisk
1.4.33.1
digiumasterisk
1.4.34
digiumasterisk
1.4.34:rc1
digiumasterisk
1.4.34:rc2
digiumasterisk
1.4.35
digiumasterisk
1.4.35:rc1
digiumasterisk
1.4.36
digiumasterisk
1.4.36:rc1
digiumasterisk
1.4.37
digiumasterisk
1.4.37:rc1
digiumasterisk
1.4.38
digiumasterisk
1.4.38:rc1
digiumasterisk
1.4.39
digiumasterisk
1.4.39:rc1
digiumasterisk
1.4.39.1
digiumasterisk
1.4.39.2
digiumasterisk
1.4.40
digiumasterisk
1.4.40:rc1
digiumasterisk
1.4.40:rc2
digiumasterisk
1.4.40:rc3
digiumasterisk
1.4.40.1
digiumasterisk
1.4.40.2
digiumasterisk
1.4.41
digiumasterisk
1.4.41:rc1
digiumasterisk
1.4.41.1
digiumasterisk
1.4.41.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
squeeze
no-dsa
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
Fixed 1:1.6.2.9-2ubuntu2.1
released
maverick
Fixed 1:1.6.2.7-1ubuntu1.2
released
lucid
Fixed 1:1.6.2.5-0ubuntu1.4
released
hardy
ignored
Common Weakness Enumeration
References
http://downloads.asterisk.org/pub/security/AST-2011-011.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/68472
http://downloads.asterisk.org/pub/security/AST-2011-011.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/68472