CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
84.0%
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
Vendor | Product | Version | CPE |
---|---|---|---|
digium | asterisk_business_edition | c.3.1 | cpe:2.3:a:digium:asterisk_business_edition:c.3.1:*:*:*:*:*:*:* |
digium | asterisk_business_edition | c.3.3 | cpe:2.3:a:digium:asterisk_business_edition:c.3.3:*:*:*:*:*:*:* |
digium | asterisk_business_edition | c.3.7.4 | cpe:2.3:a:digium:asterisk_business_edition:c.3.7.4:*:*:*:*:*:*:* |
digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:* |
digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:* |
digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:* |
digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:* |
digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:* |
digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:* |
digium | asterisk | 1.8.0 | cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:* |
More