CVE-2018-7285

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

Se ha descubierto un problema de acceso a puntero NULL en las versiones 15.x de Asterisk hasta la versión 15.2.1. El soporte RTP en Asterisk mantiene su propio registro de códecs dinámicos y números de carga útil deseados. Aunque una negociación SDP puede resultar en que un códec emplee un número de carga útil diferente, aquellos que se deseen se siguen almacenando internamente. Cuando se recibía un paquete RTP, este registro sería consultado si el número de carga útil no se encontraba en el SDP negociado. Este registro se consultaba erróneamente para todos los paquetes, incluso los dinámicos. Si el número de carga útil resultaba en un códec con tipo diferente a la transmisión RTP (por ejemplo, el número de payload resultaba en un códec de vídeo, pero la transmisión contenía audio), podría ocurrir un cierre inesperado si no se había negociado una transmisión de ese tipo. Esto se debe a que el código asume erróneamente que una transmisión de este tipo existiría siempre.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-02-21 CVE Reserved
2018-02-21 CVE Published
2023-12-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/103149	Third Party Advisory
http://www.securitytracker.com/id/1040415	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://downloads.asterisk.org/pub/security/AST-2018-001.html	2018-03-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				>= 15.0.0 <= 15.2.1 Search vendor "Digium" for product "Asterisk" and version " >= 15.0.0 <= 15.2.1"		-		Affected