Multiple vulnerabilities in Asterisk Open Source and Certified Asterisk



Published: 2022-12-02
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2022-37325
CVE-2022-42706
CVE-2022-42705
CWE-ID CWE-191
CWE-269
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Asterisk Open Source
Server applications / Conferencing, Collaboration and VoIP solutions

Certified Asterisk
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor Digium (Linux Support Services)

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Integer underflow

EUVDB-ID: #VU69829

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-37325

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer underflow within the ooh323 module. A remote non-authenticated attacker can initiate a call with a zero length called or calling party number, trigger an integer underflow and crash Asterisk.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Asterisk Open Source: 16.0.0 - 20.0.0 rc2

Certified Asterisk: 16.3-cert1 - 18.9-cert2

External links

http://downloads.asterisk.org/pub/security/AST-2022-007.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Privilege Management

EUVDB-ID: #VU69828

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42706

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges.

The vulnerability exists due to improper privilege management. A remote user with “config” permissions can view files outside of Asterisk directory via GetConfig AMI Action even if “live_dangerously" is set to "no".

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Asterisk Open Source: 16.0.0 - 20.0.0 rc2

Certified Asterisk: 16.3-cert1 - 18.9-cert2

External links

http://downloads.asterisk.org/pub/security/AST-2022-009.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU69827

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42705

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within res_pjsip_pubsub.c, res_pjsip_outbound_registration.c, pjsip_transport_events.c files when performing activity on a subscription via a reliable transport at the same time Asterisk is also performing activty on that subscription. A remote user can trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Asterisk Open Source: 16.0.0 - 20.0.0 rc2

Certified Asterisk: 16.3-cert1 - 18.9-cert2

External links

http://downloads.asterisk.org/pub/security/AST-2022-008.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###