This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Digium First view 2016-12-12
Product Certified Asterisk Last view 2019-07-12
Version 11.6 Type Application
Update cert12  
Edition *  
Language *  
Sofware Edition lts  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:digium:certified_asterisk

Activity : Overall

Related : CVE

  Date Alert Description
5.3 2019-07-12 CVE-2019-13161

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

7.5 2018-09-24 CVE-2018-17281

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

6.5 2018-02-21 CVE-2018-7286

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

7.5 2018-02-21 CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

5.9 2017-12-13 CVE-2017-17664

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

7.5 2017-12-01 CVE-2017-17090

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

7.5 2017-04-17 CVE-2016-7551

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

8.8 2017-04-10 CVE-2017-7617

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

5.3 2016-12-12 CVE-2016-9938

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.

CWE : Common Weakness Enumeration

%idName
37% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (1) CWE-476 NULL Pointer Dereference
12% (1) CWE-459 Incomplete Cleanup
12% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
12% (1) CWE-399 Resource Management Errors
12% (1) CWE-285 Improper Access Control (Authorization)

Snort® IPS/IDS

Date Description
2019-09-19 Digium Asterisk multiple malformed Accept headers denial of service attempt
RuleID : 51087 - Type : PROTOCOL-VOIP - Revision : 1
2019-09-19 Digium Asterisk multiple malformed Accept headers denial of service attempt
RuleID : 51086 - Type : PROTOCOL-VOIP - Revision : 1

Nessus® Vulnerability Scanner

id Description
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-11.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4320.nasl - Type: ACT_GATHER_INFO
2018-09-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1523.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: A telephony application running on the remote host is affected by a remote de...
File: asterisk_ast_2018_009.nasl - Type: ACT_GATHER_INFO
2018-09-24 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_77f67b46bd7511e881b6001999f8d30b.nasl - Type: ACT_GATHER_INFO
2018-03-02 Name: A telephony application running on the remote host is affected by a Subscribe...
File: asterisk_ast_2018_002-005.nasl - Type: ACT_GATHER_INFO
2018-03-02 Name: A telephony application running on the remote host is affected by multiple vu...
File: asterisk_ast_2018_001-006.nasl - Type: ACT_GATHER_INFO
2018-02-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_933654ce17b811e890b8001999f8d30b.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-66e9367f7e.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4076.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security update.
File: debian_DLA-1225.nasl - Type: ACT_GATHER_INFO
2017-12-28 Name: The remote Fedora host is missing a security update.
File: fedora_2017-38fbcdffc3.nasl - Type: ACT_GATHER_INFO
2017-12-06 Name: A telephony application running on the remote host is affected by a memory ex...
File: asterisk_ast_2017_013.nasl - Type: ACT_GATHER_INFO
2017-12-04 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e91cf90cd6dd11e79d10001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-04-13 Name: A telephony application running on the remote host is affected by a remote co...
File: asterisk_ast_2017_001.nasl - Type: ACT_GATHER_INFO
2016-12-19 Name: A telephony application running on the remote host is affected by an authenti...
File: asterisk_ast_2016_009.nasl - Type: ACT_GATHER_INFO
2016-10-26 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3700.nasl - Type: ACT_GATHER_INFO