Denial of service in Digium Asterisk



Published: 2018-02-22 | Updated: 2018-02-26

Risk: Low
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2018-7285, CVE-2018-7284, CVE-2018-7287, CVE-2018-7286
CWE-ID: CWE-20, CWE-835
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #6 is available.
Vulnerable software: Asterisk Open Source (Server applications / Conferencing, Collaboration and VoIP solutions)
Vendor: Digium (Linux Support Services)

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU10697

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7285

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can send specially crafted RTP data during SDP negotiation, trigger a payload number error and cause the service to crash.

Mitigation

Update to version 15.2.2.

Vulnerable software versions

Asterisk Open Source: 15.0.0 - 15.2.1

External links

http://downloads.asterisk.org/pub/security/AST-2018-001.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU10698

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7284

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can send a SUBSCRIBE request with specially crafted Accept headers, trigger a flaw in the 'res_pjsip_pubsub' module and cause the target service to crash.

Mitigation

Update to version 13.19.2, 14.7.6 or 15.2.2.

Vulnerable software versions

Asterisk Open Source: 13.0.0 - 15.2.1

External links

http://downloads.asterisk.org/pub/security/AST-2018-004.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Denial of service

EUVDB-ID: #VU10717

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of Session Description Protocol (SDP) messages. A remote attacker can submit a specially crafted SDP message that contains an improper fmtp attribute and cause the service to crash.

Mitigation

Update to version 13.19.2, 14.7.6 or 15.2.2.

Vulnerable software versions

Asterisk Open Source: 13.0.0 - 15.2.1

External links

http://downloads.asterisk.org/pub/security/AST-2018-003.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU10716

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of Session Description Protocol (SDP) messages. A remote attacker can submit a specially crafted SDP message that contains an improper media format description and cause the service to crash.

Mitigation

Update to version 13.19.2, 14.7.6 or 15.2.2.

Vulnerable software versions

Asterisk Open Source: 13.0.0 - 15.2.1

External links

http://downloads.asterisk.org/pub/security/AST-2018-002.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Infinite loop

EUVDB-ID: #VU10714

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7287

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the res_http_websocket.c code due to insufficient length checks on WebSocket frames. A remote attacker can send WebSocket frames with a zero-length payload, trigger a busy loop condition until the underlying socket on the system is closed and cause the service to crash.
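An added example, not Asterisk's code: a minimal C frame reader showing the two checks that keep a zero-length payload from spinning a read loop (return early when the length is 0, and treat a 0-byte read as end of stream). The in-memory `struct src` reader, the function names and the sample frame are hypothetical and constructed for illustration; only 7-bit frame lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory stand-in for a socket: returns 0 (EOF) once drained. */
struct src { const uint8_t *p; size_t left; unsigned calls; };

static long src_read(struct src *s, uint8_t *buf, size_t n) {
    s->calls++;
    if (n > s->left) n = s->left;
    memcpy(buf, s->p, n);
    s->p += n;
    s->left -= n;
    return (long)n;
}

/* Read exactly n bytes; a 0-byte read is EOF, so every pass makes progress or exits. */
static int read_exact(struct src *s, uint8_t *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        long r = src_read(s, buf + got, n - got);
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

/* Read one frame with a 7-bit length; returns the payload length or -1. */
long ws_read_frame(struct src *s, uint8_t *out, size_t cap) {
    uint8_t h[2], mask[4] = {0};
    if (read_exact(s, h, 2)) return -1;
    size_t len = h[1] & 0x7f;
    if (len > 125 || len > cap) return -1;   /* 16/64-bit lengths not handled here */
    if ((h[1] & 0x80) && read_exact(s, mask, 4)) return -1;
    if (len == 0) return 0;                  /* empty payload: no further read */
    if (read_exact(s, out, len)) return -1;
    for (size_t i = 0; i < len; i++) out[i] ^= mask[i & 3];
    return (long)len;
}

int main(void) {
    const uint8_t empty[] = {0x81, 0x80, 1, 2, 3, 4};  /* constructed: masked, length 0 */
    struct src s = {empty, sizeof empty, 0};
    uint8_t out[125];
    long n = ws_read_frame(&s, out, sizeof out);
    return printf("len=%ld reads=%u\n", n, s.calls) < 0;
}
```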

Mitigation

Update to version 15.2.2.

Vulnerable software versions

Asterisk Open Source: 15.0.0 - 15.2.1

External links

http://downloads.asterisk.org/pub/security/AST-2018-006.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Denial of service

EUVDB-ID: #VU10713

Risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7286

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to improper processing of INVITE messages received via the TCP or Transport Layer Security (TLS) protocols. A remote attacker can send a series of specially crafted INVITE messages over a TCP or TLS connection, trigger a segmentation fault and cause the system to crash.

Mitigation

Update to version 13.19.2, 14.7.6 or 15.2.2.

Vulnerable software versions

Asterisk Open Source: 13.0.0 - 15.2.1

External links

http://downloads.asterisk.org/pub/security/AST-2018-005.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
