Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Asterisk可预测HTTP管理器会话ID漏洞
Vulnerability Description
Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk计算管理器ID的方式存在错误,允许攻击者相对容易的预测很多HTTP查询所使用的管理器ID。 会话id是在AsteriskGUI HTTP服务器中生成的。当使用Glibc时,rand()和random()的实现和状态是共享的。Asterisk使用random()发布MD5 digest认证挑战并用malloc的指针rand()位或运算以生成AsteriskGUI会话标识符。攻击者可以通过检索32个连续的挑战同步到rando
CVSS Information
N/A
Vulnerability Type
N/A