Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2017-14603
HistoryOct 10, 2017 - 1:30 a.m.

CVE-2017-14603

2017-10-1001:30:21
CWE-200
[email protected]
web.nvd.nist.gov
62
cve
asterisk
security
rtcp
validation
vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the “nat” and “symmetric_rtp” options allow redirecting where Asterisk sends the next RTCP report.

Affected configurations

NVD
Node
digiumasteriskMatch13.0.0lts
OR
digiumasteriskMatch13.0.0beta1
OR
digiumasteriskMatch13.0.0beta2
OR
digiumasteriskMatch13.0.0beta3
OR
digiumasteriskMatch13.0.1
OR
digiumasteriskMatch13.0.2
OR
digiumasteriskMatch13.1.0
OR
digiumasteriskMatch13.1.0rc1
OR
digiumasteriskMatch13.1.0rc2
OR
digiumasteriskMatch13.1.1
OR
digiumasteriskMatch13.2.0
OR
digiumasteriskMatch13.2.0rc1
OR
digiumasteriskMatch13.2.1
OR
digiumasteriskMatch13.3.0rc1
OR
digiumasteriskMatch13.3.2
OR
digiumasteriskMatch13.4.0
OR
digiumasteriskMatch13.4.0rc1
OR
digiumasteriskMatch13.5.0
OR
digiumasteriskMatch13.5.0rc1
OR
digiumasteriskMatch13.6.0rc1
OR
digiumasteriskMatch13.7.0rc1
OR
digiumasteriskMatch13.7.0rc2
OR
digiumasteriskMatch13.7.1
OR
digiumasteriskMatch13.7.2
OR
digiumasteriskMatch13.8.0
OR
digiumasteriskMatch13.8.0rc1
OR
digiumasteriskMatch13.8.1
OR
digiumasteriskMatch13.8.2
OR
digiumasteriskMatch13.9.0
OR
digiumasteriskMatch13.9.1
OR
digiumasteriskMatch13.10.0
OR
digiumasteriskMatch13.10.0rc1
OR
digiumasteriskMatch13.11.0
OR
digiumasteriskMatch13.11.1
OR
digiumasteriskMatch13.11.2
OR
digiumasteriskMatch13.12
OR
digiumasteriskMatch13.12.0
OR
digiumasteriskMatch13.12.1
OR
digiumasteriskMatch13.12.2
OR
digiumasteriskMatch13.13
OR
digiumasteriskMatch13.13.0
OR
digiumasteriskMatch13.13.1
OR
digiumasteriskMatch13.14.0
OR
digiumasteriskMatch13.14.0rc1
OR
digiumasteriskMatch13.14.0rc2
OR
digiumasteriskMatch13.14.1
OR
digiumasteriskMatch13.15.0
OR
digiumasteriskMatch13.15.0rc1
OR
digiumasteriskMatch13.15.0rc2
OR
digiumasteriskMatch13.15.0rc3
OR
digiumasteriskMatch13.15.1
OR
digiumasteriskMatch13.16.0
OR
digiumasteriskMatch13.16.0rc1
OR
digiumasteriskMatch13.16.0rc2
OR
digiumasteriskMatch13.17.0
OR
digiumasteriskMatch13.17.0rc1
Node
digiumasteriskMatch14.0
OR
digiumasteriskMatch14.0.0
OR
digiumasteriskMatch14.0.0beta1
OR
digiumasteriskMatch14.0.0beta2
OR
digiumasteriskMatch14.0.0rc1
OR
digiumasteriskMatch14.0.0rc2
OR
digiumasteriskMatch14.0.1
OR
digiumasteriskMatch14.0.2
OR
digiumasteriskMatch14.1
OR
digiumasteriskMatch14.01
OR
digiumasteriskMatch14.1.0
OR
digiumasteriskMatch14.1.1
OR
digiumasteriskMatch14.1.2
OR
digiumasteriskMatch14.02
OR
digiumasteriskMatch14.2
OR
digiumasteriskMatch14.2.0
OR
digiumasteriskMatch14.2.1
OR
digiumasteriskMatch14.3.0
OR
digiumasteriskMatch14.3.0rc1
OR
digiumasteriskMatch14.3.0rc2
OR
digiumasteriskMatch14.3.1
OR
digiumasteriskMatch14.4.0
OR
digiumasteriskMatch14.4.0rc1
OR
digiumasteriskMatch14.4.0rc2
OR
digiumasteriskMatch14.4.0rc3
OR
digiumasteriskMatch14.4.1
OR
digiumasteriskMatch14.5.0
OR
digiumasteriskMatch14.5.0rc1
OR
digiumasteriskMatch14.5.0rc2
OR
digiumasteriskMatch14.6.0
OR
digiumasteriskMatch14.6.0rc1
Node
digiumasteriskMatch11.0.0
OR
digiumasteriskMatch11.0.0beta1
OR
digiumasteriskMatch11.0.0beta2
OR
digiumasteriskMatch11.0.0rc1
OR
digiumasteriskMatch11.0.0rc2
OR
digiumasteriskMatch11.0.1
OR
digiumasteriskMatch11.0.2
OR
digiumasteriskMatch11.1.0
OR
digiumasteriskMatch11.1.0rc1
OR
digiumasteriskMatch11.1.0rc2
OR
digiumasteriskMatch11.1.0rc3
OR
digiumasteriskMatch11.1.1
OR
digiumasteriskMatch11.1.2
OR
digiumasteriskMatch11.2.0rc1
OR
digiumasteriskMatch11.2.1
OR
digiumasteriskMatch11.2.2
OR
digiumasteriskMatch11.4.0rc4
OR
digiumasteriskMatch11.6.0
OR
digiumasteriskMatch11.6.0rc1
OR
digiumasteriskMatch11.6.0rc2
OR
digiumasteriskMatch11.6.1
OR
digiumasteriskMatch11.7.0
OR
digiumasteriskMatch11.7.0rc1
OR
digiumasteriskMatch11.7.0rc2
OR
digiumasteriskMatch11.8.0-
OR
digiumasteriskMatch11.8.0rc1
OR
digiumasteriskMatch11.8.0rc2
OR
digiumasteriskMatch11.8.0rc3
OR
digiumasteriskMatch11.8.1
OR
digiumasteriskMatch11.9.0
OR
digiumasteriskMatch11.9.0rc1
OR
digiumasteriskMatch11.9.0rc2
OR
digiumasteriskMatch11.9.0rc3
OR
digiumasteriskMatch11.10.0
OR
digiumasteriskMatch11.10.0rc1
OR
digiumasteriskMatch11.10.1
OR
digiumasteriskMatch11.10.1rc1
OR
digiumasteriskMatch11.10.2
OR
digiumasteriskMatch11.11.0
OR
digiumasteriskMatch11.11.0rc1
OR
digiumasteriskMatch11.12.0
OR
digiumasteriskMatch11.12.0rc1
OR
digiumasteriskMatch11.12.1
OR
digiumasteriskMatch11.13.0
OR
digiumasteriskMatch11.13.0rc1
OR
digiumasteriskMatch11.13.1
OR
digiumasteriskMatch11.14.0lts
OR
digiumasteriskMatch11.14.0rc1
OR
digiumasteriskMatch11.14.0rc2
OR
digiumasteriskMatch11.14.1
OR
digiumasteriskMatch11.14.2
OR
digiumasteriskMatch11.15.0rc1
OR
digiumasteriskMatch11.15.0rc2
OR
digiumasteriskMatch11.15.1
OR
digiumasteriskMatch11.16.0rc1
OR
digiumasteriskMatch11.17.0rc1
OR
digiumasteriskMatch11.17.1
OR
digiumasteriskMatch11.18.0
OR
digiumasteriskMatch11.18.0rc1
OR
digiumasteriskMatch11.19.0rc1
OR
digiumasteriskMatch11.20.0rc1
OR
digiumasteriskMatch11.21.0rc1
OR
digiumasteriskMatch11.21.0rc2
OR
digiumasteriskMatch11.21.1
OR
digiumasteriskMatch11.21.2
OR
digiumasteriskMatch11.22.0
OR
digiumasteriskMatch11.22.0rc1
OR
digiumasteriskMatch11.23.0
OR
digiumasteriskMatch11.23.0rc1
OR
digiumasteriskMatch11.23.1
OR
digiumasteriskMatch11.24.0
OR
digiumasteriskMatch11.24.1
OR
digiumasteriskMatch11.25.0
OR
digiumasteriskMatch11.25.1
Node
digiumcertified_asteriskMatch11.6cert1
OR
digiumcertified_asteriskMatch11.6cert1_rc1
OR
digiumcertified_asteriskMatch11.6cert1_rc2
OR
digiumcertified_asteriskMatch11.6cert10
OR
digiumcertified_asteriskMatch11.6cert11
OR
digiumcertified_asteriskMatch11.6cert12
OR
digiumcertified_asteriskMatch11.6cert13
OR
digiumcertified_asteriskMatch11.6cert14
OR
digiumcertified_asteriskMatch11.6cert14_rc1
OR
digiumcertified_asteriskMatch11.6cert14_rc2
OR
digiumcertified_asteriskMatch11.6cert15
OR
digiumcertified_asteriskMatch11.6cert16
OR
digiumcertified_asteriskMatch11.6cert2
OR
digiumcertified_asteriskMatch11.6cert3
OR
digiumcertified_asteriskMatch11.6cert4
OR
digiumcertified_asteriskMatch11.6cert5
OR
digiumcertified_asteriskMatch11.6cert6
OR
digiumcertified_asteriskMatch11.6cert7
OR
digiumcertified_asteriskMatch11.6cert8
OR
digiumcertified_asteriskMatch11.6cert9
Node
digiumcertified_asteriskMatch13.13cert1
OR
digiumcertified_asteriskMatch13.13cert1_rc1
OR
digiumcertified_asteriskMatch13.13cert1_rc2
OR
digiumcertified_asteriskMatch13.13cert1_rc3
OR
digiumcertified_asteriskMatch13.13cert1_rc4
OR
digiumcertified_asteriskMatch13.13cert2
OR
digiumcertified_asteriskMatch13.13cert3
OR
digiumcertified_asteriskMatch13.13cert4

Related

cvelist 1
nessus 3
osv 2
prion 1
debiancve 1
openvas 2
ubuntucve 1
nvd 1
debian 1
gentoo 1
cvelist
cvelist
CVE-2017-14603
2017-10-09 14:00:00
nessus
nessus
Debian DSA-3990-1 : asterisk - security update
2017-10-04 00:00:00
Asterisk 11.x < 11.25.3 / 13.x < 13.17.2 / 14.x < 14.6.2 / 11.6 < 11.6-cert18 / 13.13 < 13.13-cert6 RTP/RTCP information leak (AST-2017-008)
2017-10-20 00:00:00
GLSA-201710-29 : Asterisk: Multiple vulnerabilities
2017-10-30 00:00:00
osv
osv
CVE-2017-14603
2017-10-10 01:30:21
asterisk - security update
2017-10-03 00:00:00
prion
prion
Design/Logic Flaw
2017-10-10 01:30:00
debiancve
debiancve
CVE-2017-14603
2017-10-10 01:30:21
openvas
openvas
Debian: Security Advisory (DSA-3990-1)
2017-10-02 00:00:00
Asterisk RTP/RTCP Information Leak Vulnerability (AST-2017-008)
2017-09-20 00:00:00
ubuntucve
ubuntucve
CVE-2017-14603
2017-10-10 00:00:00
nvd
nvd
CVE-2017-14603
2017-10-10 01:30:21
debian
debian
[SECURITY] [DSA 3990-1] asterisk security update
2017-10-03 21:32:33
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2017-10-29 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON
Related for CVE-2017-14603
cvelist1nessus3osv2prion1debiancve1openvas2ubuntucve1nvd1debian1gentoo1