Executive Summary

Informations
Name CVE-2023-49786 First vendor Publication 2023-12-14
Vendor Cve Last vendor Modification 2023-12-29

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.9
Base Score 5.9 Environmental Score 5.9
impact SubScore 3.6 Temporal Score 5.9
Exploitabality Sub Score 2.2
 
Attack Vector Network Attack Complexity High
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 937
Application 28

Sources (Detail)

http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service...
http://seclists.org/fulldisclosure/2023/Dec/24
http://www.openwall.com/lists/oss-security/2023/12/15/7
https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf...
https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-d...
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2024-02-16 13:38:32
  • Multiple Updates
2023-12-29 05:27:34
  • Multiple Updates
2023-12-27 21:27:33
  • Multiple Updates
2023-12-21 21:27:45
  • Multiple Updates
2023-12-15 21:27:25
  • Multiple Updates
2023-12-15 05:27:29
  • First insertion