PT-2017-13574 · Sangoma · Asterisk
Richard Mudgett
+1
·
Publicado
2017-10-03
·
Atualizado
2017-11-05
·
CVE-2017-14603
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Asterisk versions 11.x through 11.25.2
Asterisk versions 13.x through 13.17.1
Asterisk versions 14.x through 14.6.1
Certified Asterisk versions 11.x through 11.6-cert17
Certified Asterisk versions 13.x through 13.13-cert5
Description
The issue is related to insufficient RTCP packet validation, which could allow reading stale buffer contents. When combined with the
nat and symmetric rtp options, it allows redirecting where Asterisk sends the next RTCP report.Recommendations
For Asterisk versions 11.x through 11.25.2, update to version 11.25.3 or later.
For Asterisk versions 13.x through 13.17.1, update to version 13.17.2 or later.
For Asterisk versions 14.x through 14.6.1, update to version 14.6.2 or later.
For Certified Asterisk versions 11.x through 11.6-cert17, update to version 11.6-cert18 or later.
For Certified Asterisk versions 13.x through 13.13-cert5, update to version 13.13-cert6 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asterisk