PT-2021-17106 · Sangoma+1 · Asterisk+1
Alexander Traud +1 · Published 2021-02-18 · Updated 2025-02-13
CVE-2021-26712
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Sangoma Asterisk versions 13.38.1 through 18.2.0
Certified Asterisk version 16.8-cert5
Description
The issue is related to incorrect access controls in the res_srtp.c module, allowing a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
Recommendations
For Sangoma Asterisk versions 13.38.1 through 18.2.0, update to a version that includes the fix for the incorrect access controls in the res_srtp.c module.
For Certified Asterisk version 16.8-cert5, update to a version that includes the fix for the incorrect access controls in the res_srtp.c module.
As a temporary workaround, consider restricting access to the res_srtp.c module to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Alt Linux
Asterisk