CVE-2017-14099

Name of the Vulnerable Software and Affected Versions Asterisk versions 11.x through 11.25.1 Asterisk versions 13.x through 13.17.0 Asterisk versions 14.x through 14.6.0 Certified Asterisk versions 11.x through 11.6-cert16 Certified Asterisk versions 13.x through 13.13-cert4

Description The issue allows unauthorized data disclosure, specifically media takeover in the RTP stack, with careful timing by an attacker. The "strictrtp" option in rtp.conf, enabled by default in Asterisk 11 and above, learns the source address of media for a session and drops any packets that do not originate from the expected address. However, when combined with symmetric RTP support, enabled through the "nat" and "rtp symmetric" options, a change in the strict RTP support introduced an avenue for media hijacking. This occurs when a flood of RTP traffic is received, allowing a new source address to be learned and used for outgoing traffic, thus hijacking the media.

Recommendations For Asterisk versions 11.x through 11.25.1, update to version 11.25.2 or later. For Asterisk versions 13.x through 13.17.0, update to version 13.17.1 or later. For Asterisk versions 14.x through 14.6.0, update to version 14.6.1 or later. For Certified Asterisk versions 11.x through 11.6-cert16, update to version 11.6-cert17 or later. For Certified Asterisk versions 13.x through 13.13-cert4, update to version 13.13-cert5 or later.