PT-2014-8511 · Digium · Asterisk

Yaron Nahum

·

Publicado

2014-11-24

·

Atualizado

2019-07-16

·

CVE-2014-8415

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 12.x through 12.7.0 Asterisk Open Source versions 13.x through 13.0.0
Description A race condition exists in the chan pjsip channel driver, allowing remote attackers to cause a denial of service via a cancel request for a SIP session with a queued action to answer a session or send ringing.
Recommendations For Asterisk Open Source versions 12.x through 12.7.0, update to version 12.7.1 or later. For Asterisk Open Source versions 13.x through 13.0.0, update to version 13.0.1 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2014-8415

Produtos afetados

Asterisk