PT-2014-8511 · Digium · Asterisk

Yaron Nahum

Published

2014-11-24

Updated

2019-07-16

CVE-2014-8415

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 12.x through 12.7.0 Asterisk Open Source versions 13.x through 13.0.0

Description A race condition exists in the chan pjsip channel driver, allowing remote attackers to cause a denial of service via a cancel request for a SIP session with a queued action to answer a session or send ringing.

Recommendations For Asterisk Open Source versions 12.x through 12.7.0, update to version 12.7.1 or later. For Asterisk Open Source versions 13.x through 13.0.0, update to version 13.0.1 or later.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-8415

Affected Products

Asterisk

PT-2014-8511 · Digium · Asterisk

CVE-2014-8415

Weakness Enumeration

Related Identifiers

Affected Products

References · 6