Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Asterisk Remote Crash Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Asterisk is prone to a denial of service vulnerability.
Insight
Insight
Asterisk can be crashed remotely by sending an ACK to it from an endpoint username that Asterisk does not recognize. Most SIP request types result in an 'artificial' endpoint being looked up, but ACKs bypass this lookup. The resulting NULL pointer results in a crash when attempting to determine if ACLs should be applied. This issue only affects users using the PJSIP stack with Asterisk. Those users that use chan_sip are unaffected.
Affected Software
Affected Software
Asterisk Open Source 13.10.0
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to Version 13.11.1 or later.