CVE-2018-7286
Asterisk chan_pjsip 15.2.0 - 'INVITE' Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
Se ha descubierto un problema en Asterisk hasta la versión 13.19.1, versiones 14.x hasta la 14.7.5 y versiones 15.x hasta la 15.2.1; así como Certified Asterisk hasta la versión 13.18-cert2. res_pjsip permite que usuarios remotos autenticados provoquen el cierre inesperado de Asterisk (fallo de segmentación) mediante el envío de mensajes SIP INVITE en una conexión TCP o TLS para después cerrar la conexión repentinamente.
Asterisk running chan_pjsip suffers from an INVITE message denial of service vulnerability. Versions affected include Versions affected include 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, and 14.7.5.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-21 CVE Reserved
- 2018-02-22 CVE Published
- 2018-02-26 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103129 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040417 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/146580 | 2018-02-26 | |
| https://www.exploit-db.com/exploits/44181 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2018-005.html | 2019-10-03 | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27618 | 2019-10-03 | |
| https://www.debian.org/security/2018/dsa-4320 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 14.0.0 <= 14.7.5 Search vendor "Digium" for product "Asterisk" and version " >= 14.0.0 <= 14.7.5" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 15.0.0 <= 15.2.1 Search vendor "Digium" for product "Asterisk" and version " >= 15.0.0 <= 15.2.1" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | 13.19.1 Search vendor "Digium" for product "Asterisk" and version "13.19.1" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | <= 13.18 Search vendor "Digium" for product "Certified Asterisk" and version " <= 13.18" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||