Main
Vulnerability Database
Exploits
ID:6419 - Exploit for Denial of service in Asterisk Open Source - CVE-2018-7286
ID:6419 - Exploit for Denial of service in Asterisk Open Source - CVE-2018-7286
Published: June 17, 2021
Vulnerability identifier: #VU10713
Vulnerability risk: Low
CVE-ID: CVE-2018-7286
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Asterisk Open Source
Asterisk Open Source
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to improper processing of INVITE messages received via the TCP or Transport Layer Security (TLS) protocols. A remote attacker can send a series of specially crafted INVITE messages over a TCP or TLS connection, trigger a segmentation fault and cause the system to crash.
The weakness exists due to improper processing of INVITE messages received via the TCP or Transport Layer Security (TLS) protocols. A remote attacker can send a series of specially crafted INVITE messages over a TCP or TLS connection, trigger a segmentation fault and cause the system to crash.
Remediation
Update to version 13.19.2, 14.7.6, 15.2.2.