PT-2017-13258 · Sipwise · Rtpproxy

Klaus-Peter Junghanns

Published

2017-09-02

Updated

2017-09-19

CVE-2017-14114

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions RTPproxy versions prior to 2.2.alpha.20160823

Description The issue allows remote attackers to obtain sensitive information or cause a denial of service via crafted RTP packets, due to a NAT feature not properly determining the IP address and port number of the legitimate recipient of RTP traffic.

Recommendations For versions prior to 2.2.alpha.20160823, update to a version that fixes this issue to prevent remote attackers from obtaining sensitive information or causing a denial of service.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-14114

Affected Products

Rtpproxy

PT-2017-13258 · Sipwise · Rtpproxy

CVE-2017-14114

Weakness Enumeration

Related Identifiers

Affected Products

References · 6