certfr_avis - CERTFR-2024-AVI-0424

CERTFR-2024-AVI-0424

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Asterisk	Asterisk	Asterisk versions 21.3.x antérieures à 21.3.1
Asterisk	Asterisk	Asterisk versions 18.23.x antérieures à 18.23.1
Asterisk	Asterisk	Asterisk versions 20.8.x antérieures à 20.8.1

References

Title

Publication Time

CVE-2024-35190 (GCVE-0-2024-35190)

Vulnerability from cvelistv5 – Published: 2024-05-17 16:55 – Updated: 2024-08-02 03:07

Summary

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-303 - Incorrect Implementation of Authentication Algorithm
CWE-480 - Use of Incorrect Operator
CWE-670 - Always-Incorrect Control Flow Implementation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/asterisk/asterisk/security/adv…	x_refsource_CONFIRM
	https://github.com/asterisk/asterisk/pull/600	x_refsource_MISC
	https://github.com/asterisk/asterisk/pull/602	x_refsource_MISC
	https://github.com/asterisk/asterisk/commit/85241…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	asterisk	asterisk	Affected: = 21.3.0 Affected: = 20.8.0 Affected: = 18.23.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:asterisk:asterisk:21.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "asterisk",
            "vendor": "asterisk",
            "versions": [
              {
                "status": "affected",
                "version": "21.3.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:asterisk:asterisk:20.8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "asterisk",
            "vendor": "asterisk",
            "versions": [
              {
                "status": "affected",
                "version": "20.8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:asterisk:asterisk:18.23.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "asterisk",
            "vendor": "asterisk",
            "versions": [
              {
                "status": "affected",
                "version": "18.23.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T19:33:53.154042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T15:28:38.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:07:46.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"
          },
          {
            "name": "https://github.com/asterisk/asterisk/pull/600",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/pull/600"
          },
          {
            "name": "https://github.com/asterisk/asterisk/pull/602",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/pull/602"
          },
          {
            "name": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "= 21.3.0"
            },
            {
              "status": "affected",
              "version": "= 20.8.0"
            },
            {
              "status": "affected",
              "version": "= 18.23.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-480",
              "description": "CWE-480: Use of Incorrect Operator",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-17T16:55:41.346Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"
        },
        {
          "name": "https://github.com/asterisk/asterisk/pull/600",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/pull/600"
        },
        {
          "name": "https://github.com/asterisk/asterisk/pull/602",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/pull/602"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"
        }
      ],
      "source": {
        "advisory": "GHSA-qqxj-v78h-hrf9",
        "discovery": "UNKNOWN"
      },
      "title": "Asterisk\u0027 res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-35190",
    "datePublished": "2024-05-17T16:55:41.346Z",
    "dateReserved": "2024-05-10T14:24:24.341Z",
    "dateUpdated": "2024-08-02T03:07:46.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted