Summary
Detail | |||
---|---|---|---|
Vendor | Digium | First view | 2018-06-12 |
Product | Asterisk | Last view | 2019-11-22 |
Version | 15.3.0 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:digium:asterisk |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.5 | 2019-11-22 | CVE-2019-18790 | An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and Certified Asterisk 13.21, because of an incomplete fix for CVE-2019-18351. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. |
8.8 | 2019-11-22 | CVE-2019-18610 | An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. |
7.5 | 2019-09-09 | CVE-2019-15639 | main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. |
6.5 | 2019-09-09 | CVE-2019-15297 | res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. |
5.3 | 2019-07-12 | CVE-2019-13161 | An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). |
6.5 | 2019-07-12 | CVE-2019-12827 | Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. |
6.5 | 2019-03-28 | CVE-2019-7251 | An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. |
7.5 | 2018-11-14 | CVE-2018-19278 | Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length. |
7.5 | 2018-09-24 | CVE-2018-17281 | There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. |
5.3 | 2018-06-12 | CVE-2018-12227 | An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (2) | CWE-476 | NULL Pointer Dereference |
25% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
12% (1) | CWE-200 | Information Exposure |
12% (1) | CWE-190 | Integer Overflow or Wraparound |
12% (1) | CWE-20 | Improper Input Validation |
Snort® IPS/IDS
Date | Description |
---|---|
2020-05-07 | Asterisk Manager Interface Originate action arbitrary command execution attempt RuleID : 53579 - Type : PROTOCOL-VOIP - Revision : 1 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-11-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201811-11.nasl - Type: ACT_GATHER_INFO |
2018-11-15 | Name: A telephony application running on the remote host is affected by a denial of... File: asterisk_ast_2018_010.nasl - Type: ACT_GATHER_INFO |
2018-10-17 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4320.nasl - Type: ACT_GATHER_INFO |
2018-09-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-1523.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: A telephony application running on the remote host is affected by a remote de... File: asterisk_ast_2018_009.nasl - Type: ACT_GATHER_INFO |
2018-09-24 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_77f67b46bd7511e881b6001999f8d30b.nasl - Type: ACT_GATHER_INFO |
2018-06-15 | Name: A telephony application running on the remote host is affected by multiple vu... File: asterisk_ast_15_x_2018_007-008.nasl - Type: ACT_GATHER_INFO |
2018-06-15 | Name: A telephony application running on the remote host is affected by a remote de... File: asterisk_ast_2018_008.nasl - Type: ACT_GATHER_INFO |