Asterisk suffers from a server-side request forgery vulnerability. When using STIR/SHAKEN, it is possible to send arbitrary requests like GET to interfaces such as localhost using the Identity header. Asterisk Open Source versions 16.15.0 up to but not including 16.25.2, 18.x up to but not including 18.11.2, and 19.x up to but not including 19.3.2 are affected.
7727f89aa5888d067b6bf9ed78cdb7e6304adf0a733433e0687a3678d88eb17bWhen using STIR/SHAKEN in Asterisk, it is possible to download files that are not certificates. These files could be much larger than what you would expect to download. Asterisk Open Source versions 16.15.0 up to but not including 16.25.2, 18.x up to but not including 18.11.2, and 19.x up to but not including 19.3.2 are affected.
1fc78214ca3a80d4d46428ca4fdf01c6fc39ae8d4fd32be3d9c901d7bd98b5b1Asterisk Project Security Advisory - If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
7b5bf722297267d2f92ffbd9c74ee0315153dc145925d137aff58dbd10bcf95eAsterisk Project Security Advisory - If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur.
01b4f0b91afa8ead00f323fea3922b3d1fb27aa6ab6e1d11f3fb55cdeac8d9c1Asterisk Project Security Advisory - A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result.
f6ef15929258c9bf9a7eb09fc36ce5def67a2b9d5cf46bd3dd3f473a58858b6f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed