csaf_certbund - wid-sec-w-2025-1135

WID-SEC-W-2025-1135

Vulnerability from csaf_certbund - Published: 2025-05-22 22:00 - Updated: 2025-06-02 22:00

Summary

Asterisk: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Asterisk ist eine komplette Open Source Multiprotokoll Telefonanlage (PBX) auf Softwarebasis.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Asterisk ausnutzen, um falsche Informationen darzustellen und um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Asterisk ist eine komplette Open Source Multiprotokoll Telefonanlage (PBX) auf Softwarebasis.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Asterisk ausnutzen, um falsche Informationen darzustellen und um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1135 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1135.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1135 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1135"
      },
      {
        "category": "external",
        "summary": "Asterisk Github vom 2025-05-22",
        "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"
      },
      {
        "category": "external",
        "summary": "Asterisk Github vom 2025-05-22",
        "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4206 vom 2025-06-02",
        "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Asterisk: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-03T09:29:08.893+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1135",
      "initial_release_date": "2025-05-22T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-22T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-06-02T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c18.26.2",
                "product": {
                  "name": "Open Source Asterisk \u003c18.26.2",
                  "product_id": "T044124"
                }
              },
              {
                "category": "product_version",
                "name": "18.26.2",
                "product": {
                  "name": "Open Source Asterisk 18.26.2",
                  "product_id": "T044124-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:18.26.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c20.14.1",
                "product": {
                  "name": "Open Source Asterisk \u003c20.14.1",
                  "product_id": "T044125"
                }
              },
              {
                "category": "product_version",
                "name": "20.14.1",
                "product": {
                  "name": "Open Source Asterisk 20.14.1",
                  "product_id": "T044125-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:20.14.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c21.9.1",
                "product": {
                  "name": "Open Source Asterisk \u003c21.9.1",
                  "product_id": "T044126"
                }
              },
              {
                "category": "product_version",
                "name": "21.9.1",
                "product": {
                  "name": "Open Source Asterisk 21.9.1",
                  "product_id": "T044126-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:21.9.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c22.4.1",
                "product": {
                  "name": "Open Source Asterisk \u003c22.4.1",
                  "product_id": "T044127"
                }
              },
              {
                "category": "product_version",
                "name": "22.4.1",
                "product": {
                  "name": "Open Source Asterisk 22.4.1",
                  "product_id": "T044127-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:22.4.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.9-cert14",
                "product": {
                  "name": "Open Source Asterisk \u003c18.9-cert14",
                  "product_id": "T044128"
                }
              },
              {
                "category": "product_version",
                "name": "18.9-cert14",
                "product": {
                  "name": "Open Source Asterisk 18.9-cert14",
                  "product_id": "T044128-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:18.9-cert14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c20.7-cert5",
                "product": {
                  "name": "Open Source Asterisk \u003c20.7-cert5",
                  "product_id": "T044129"
                }
              },
              {
                "category": "product_version",
                "name": "20.7-cert5",
                "product": {
                  "name": "Open Source Asterisk 20.7-cert5",
                  "product_id": "T044129-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:digium:asterisk:20.7-cert5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Asterisk"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-47779",
      "product_status": {
        "known_affected": [
          "T044126",
          "T044125",
          "T044128",
          "T044127",
          "2951",
          "T044129",
          "T044124"
        ]
      },
      "release_date": "2025-05-22T22:00:00.000+00:00",
      "title": "CVE-2025-47779"
    },
    {
      "cve": "CVE-2025-47780",
      "product_status": {
        "known_affected": [
          "T044126",
          "T044125",
          "T044128",
          "T044127",
          "2951",
          "T044129",
          "T044124"
        ]
      },
      "release_date": "2025-05-22T22:00:00.000+00:00",
      "title": "CVE-2025-47780"
    }
  ]
}

CVE-2025-47779 (GCVE-0-2025-47779)

Vulnerability from cvelistv5 – Published: 2025-05-22 16:54 – Updated: 2025-11-03 20:04

Summary

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-140 - Improper Neutralization of Delimiters
CWE-792 - Incomplete Filtering of One or More Instances of Special Elements

Assigner

GitHub_M

References

URL

Tags

	https://github.com/asterisk/asterisk/security/adv…	x_refsource_CONFIRM
	https://github.com/asterisk/asterisk/blob/master/…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	asterisk	asterisk	Affected: < 18.9-cert14 Affected: >= 18.10, < 18.26.2 Affected: >= 20.0, < 20.7-cert5 Affected: >= 20.8, < 20.14.1 Affected: >= 21.0, < 21.9.1 Affected: >= 22.0, < 22.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47779",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T17:25:58.891881Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T17:26:57.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:04:36.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 18.9-cert14"
            },
            {
              "status": "affected",
              "version": "\u003e= 18.10, \u003c 18.26.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0, \u003c 20.7-cert5"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.8, \u003c 20.14.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0, \u003c 21.9.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 22.0, \u003c 22.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-140",
              "description": "CWE-140: Improper Neutralization of Delimiters",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-792",
              "description": "CWE-792: Incomplete Filtering of One or More Instances of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T16:54:26.314Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"
        },
        {
          "name": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample"
        }
      ],
      "source": {
        "advisory": "GHSA-2grh-7mhv-fcfw",
        "discovery": "UNKNOWN"
      },
      "title": "Using malformed From header can forge identity with \";\" or NULL in name portion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-47779",
    "datePublished": "2025-05-22T16:54:26.314Z",
    "dateReserved": "2025-05-09T19:49:35.620Z",
    "dateUpdated": "2025-11-03T20:04:36.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-47780 (GCVE-0-2025-47780)

Vulnerability from cvelistv5 – Published: 2025-05-22 16:56 – Updated: 2025-11-03 20:04

Summary

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

https://github.com/asterisk/asterisk/security/adv…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	asterisk	asterisk	Affected: < 18.9-cert14 Affected: >= 18.10, < 18.26.2 Affected: >= 20.0, < 20.7-cert5 Affected: >= 20.8, < 20.14.1 Affected: >= 21.0, < 21.9.1 Affected: >= 22.0, < 22.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47780",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T17:24:44.875844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T17:25:09.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:04:38.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 18.9-cert14"
            },
            {
              "status": "affected",
              "version": "\u003e= 18.10, \u003c 18.26.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0, \u003c 20.7-cert5"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.8, \u003c 20.14.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0, \u003c 21.9.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 22.0, \u003c 22.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T16:56:28.937Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"
        }
      ],
      "source": {
        "advisory": "GHSA-c7p6-7mvq-8jq2",
        "discovery": "UNKNOWN"
      },
      "title": "cli_permissions.conf: deny option does not work for disallowing shell commands"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-47780",
    "datePublished": "2025-05-22T16:56:28.937Z",
    "dateReserved": "2025-05-09T19:49:35.620Z",
    "dateUpdated": "2025-11-03T20:04:38.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1135

CVE-2025-47779 (GCVE-0-2025-47779)

CVE-2025-47780 (GCVE-0-2025-47780)

Tags

Sightings

Nomenclature