CVE-2011-4597

EPSS 0.69%

asterisk - several

Published: 12/15/2011Modified: 4/28/2026

Description

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

Affected packages (2)

Debian/asteriskfrom 0, < 1:1.8.8.0~dfsg-1
Debian/asteriskfrom 0, < 1:1.6.2.9-2+squeeze4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-4597