CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2019-18790
https://notcve.org/view.php?id=CVE-2019-18790
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. • http://downloads.asterisk.org/pub/security/AST-2019-006.html https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html https://www.asterisk.org/downloads/security-advisories • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15639
https://notcve.org/view.php?id=CVE-2019-15639
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. El archivo main/translate.c en Sangoma Asterisk versiones 13.28.0 y 16.5.0, permite a un atacante remoto enviar un paquete RTP específico durante una llamada y causar un bloqueo en un escenario específico. • http://downloads.asterisk.org/pub/security/AST-2019-005.html http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2019-15297
https://notcve.org/view.php?id=CVE-2019-15297
res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference. res_pjsip_t38 en Sangoma Asterisk 15.x antes de 15.7.4 y 16.x antes de 16.5.1 permite a un atacante desencadenar un fallo enviando un flujo rechazado en una respuesta a una reinvitación T.38 iniciada por Asterisk. El fallo se produce debido a una derivación de objeto de medios de sesión NULL. • http://downloads.asterisk.org/pub/security/AST-2019-004.html http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html http://seclists.org/fulldisclosure/2021/Mar/5 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 217EXPL: 0CVE-2019-13161
https://notcve.org/view.php?id=CVE-2019-13161
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). Se detectó un problema en Asterisk Open Source hasta versiones 13.27.0, 14.x y 15.x hasta 15.7.2, y versiones 16.x hasta 16.4.0, y Certified Asterisk hasta versión 13.21-cert3. • http://downloads.digium.com/pub/security/AST-2019-003.html https://issues.asterisk.org/jira/browse/ASTERISK-28465 https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 4%CPEs: 8EXPL: 0CVE-2019-12827
https://notcve.org/view.php?id=CVE-2019-12827
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. Desbordamiento de búfer en res_pjsip_messaging en Digium Asterisk versiones 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 versiones anteriores permite a los atacantes remotos autenticados cerrar inesperadamente Asterisk enviando un mensaje SIP MESSAGE especialmente diseñado. • http://downloads.digium.com/pub/security/AST-2019-002.html https://issues.asterisk.org/jira/browse/ASTERISK-28447 • CWE-787: Out-of-bounds Write •