Executive Summary

Name CVE-2018-7285 First vendor Publication 2018-02-21
Vendor Cve Last vendor Modification 2018-03-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 7.5
Base Score 7.5 Environmental Score 7.5
impact SubScore 3.6 Temporal Score 7.5
Exploitabality Sub Score 3.9
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7285

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

Application 912

Nessus® Vulnerability Scanner

Date Description
2018-03-02 Name : A telephony application running on the remote host is affected by multiple vu...
File : asterisk_ast_2018_001-006.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/103149
CONFIRM http://downloads.asterisk.org/pub/security/AST-2018-001.html
SECTRACK http://www.securitytracker.com/id/1040415

Alert History

If you want to see full details history, please login or register.
Date Informations
2021-05-05 01:32:01
  • Multiple Updates
2021-05-04 13:19:55
  • Multiple Updates
2021-04-22 02:34:36
  • Multiple Updates
2020-05-23 02:20:04
  • Multiple Updates
2020-05-23 01:19:08
  • Multiple Updates
2018-06-14 12:06:18
  • Multiple Updates
2018-03-21 17:19:23
  • Multiple Updates
2018-02-28 09:20:26
  • Multiple Updates
2018-02-24 09:20:11
  • Multiple Updates
2018-02-22 09:20:02
  • Multiple Updates
2018-02-22 05:18:52
  • First insertion