PT-2014-4607 · Digium · Asterisk
Jcolp
+1
·
Published
2014-04-18
·
Updated
2014-04-21
·
CVE-2014-2288
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 12.x through 12.1.0
Description
The issue allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request, when qualify frequency is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request.
Recommendations
For Asterisk Open Source versions 12.x through 12.1.0, update to version 12.1.1 to resolve the issue.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk