CVE-2008-3263

Asterisk Open Source <1.2.30, 1.4.x <1.4.21.2 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3263. PoCs published by Blake Cornell.

AI-analyzed exploit summary This Perl script exploits CVE-2008-3263, a denial-of-service vulnerability in Asterisk by sending multiple 'POKE' requests via UDP to consume processor resources. It includes modes for scanning, injection, and DoS attacks.

Description

The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Blake Cornell · perldoslinux

https://www.exploit-db.com/exploits/32095

View Code ZIP pw:eip

This Perl script exploits CVE-2008-3263, a denial-of-service vulnerability in Asterisk by sending multiple 'POKE' requests via UDP to consume processor resources. It includes modes for scanning, injection, and DoS attacks.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Asterisk (versions affected by CVE-2008-3263)

No auth needed

Prerequisites: Network access to the target Asterisk server · UDP port 4569 (or custom port) accessible

MITRE ATT&CK