FKIE_CVE-2021-46837

Vulnerability from fkie_nvd - Published: 2022-08-30 07:15 - Updated: 2024-11-21 06:34
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
References
cve@mitre.orghttps://downloads.asterisk.org/pub/security/AST-2021-006.htmlVendor Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2022/11/msg00021.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2022/dsa-5285Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://downloads.asterisk.org/pub/security/AST-2021-006.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/11/msg00021.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5285Third Party Advisory
Impacted products
Vendor Product Version
asterisk certified_asterisk 16.8.0
asterisk certified_asterisk 16.8.0
asterisk certified_asterisk 16.8.0
asterisk certified_asterisk 16.8.0
asterisk certified_asterisk 16.8.0
asterisk certified_asterisk 16.8.0
asterisk certified_asterisk 16.8.0
digium asterisk *
digium asterisk *
digium asterisk *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "335EF1B5-AD89-48E2-AB2C-BF376BC36F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D5A9E8-239F-492C-95AD-7CF2AB964D87",
              "versionEndExcluding": "16.16.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA36883-D695-47A1-8CA7-2F128BFA194D",
              "versionEndExcluding": "17.9.3",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEE180D-A041-42AB-AE5E-DDBD9CF0AACF",
              "versionEndExcluding": "18.2.2",
              "versionStartIncluding": "18.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n res_pjsip_t38 en Sangoma Asterisk versiones 16.x anteriores a 16.16.2, 17.x anteriores a 17.9.3, y 18.x anteriores a 18.2.2, y Certified Asterisk anteriores a 16.8-cert7, permite a un atacante desencadenar un fallo mediante el env\u00edo de una l\u00ednea m=image y un puerto cero en una respuesta a una Re invitaci\u00f3n T.38 iniciada por Asterisk. Se trata de una reaparici\u00f3n de los s\u00edntomas de la CVE-2019-15297 pero no exactamente por el mismo motivo. El fallo es producido porque se presenta una operaci\u00f3n de append relativa a la topolog\u00eda activa, pero deber\u00eda ser en cambio una operaci\u00f3n de replace"
    }
  ],
  "id": "CVE-2021-46837",
  "lastModified": "2024-11-21T06:34:47.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-30T07:15:07.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.