
CVE-2012-2416
Date: (C)2012-04-30   (M)2018-04-13


chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Severity:
CVSS Score: 6.5
Exploit Score: 8.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1026963
SECUNIA-48891
BID-53205
OSVDB-81456
FEDORA-2012-6724
asterisk-sipupdate-dos(75101)
http://downloads.asterisk.org/pub/security/AST-2012-006.html
https://issues.asterisk.org/jira/browse/ASTERISK-19770

CWE    1
CWE-119
OVAL    3
oval:org.secpod.oval:def:103742
oval:org.secpod.oval:def:103753
oval:org.secpod.oval:def:103757

© SecPod Technologies