Vulnerability identifier: #VU22934

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18790

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Asterisk Open Source
Server applications / Conferencing, Collaboration and VoIP solutions
Certified Asterisk
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor: Digium (Linux Support Services)

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted SIP request, change a SIP peer’s IP address and hijack the calls.

Note: This vulnerability is only exploitable when the “nat” option is set to the default, or “auto_force_rport”.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Asterisk Open Source: 13.0.0 - 13.29.1, 16.0.0 - 16.6.1, 17.0.0

Certified Asterisk: 13.21 - 13.21-cert4

---

External links
http://seclists.org/fulldisclosure/2019/Nov/18
http://www.asterisk.org/downloads/security-advisories
http://issues.asterisk.org/jira/browse/ASTERISK-28589

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.