CVE-2023-49786

🗓️ 14 Dec 2023 19:47:46Reported by GitHub_MType

Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1 as well as certified-asterisk prior to 18.9-cert6 allows DoS via race condition in DTLS protocol

Reporter	Title	Published	Views	Family All 52
AlpineLinux	CVE-2023-49786	14 Dec 202319:47	–	alpinelinux
BDU FSTEC	The vulnerability of the implementations of DTLS (Datagram Transport Layer Security) and SRTP protocols in Asterisk IP-telephony management systems and Certified Asterisk allows a attacker to induce a service failure.	19 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-49786	20 Dec 202311:00	–	circl
CNNVD	Asterisk Security Vulnerabilities	14 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-49786 Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation	14 Dec 202319:47	–	cvelist
Debian	[SECURITY] [DLA 3696-1] asterisk security update	28 Dec 202323:01	–	debian
Debian	[SECURITY] [DSA 5596-1] asterisk security update	4 Jan 202421:21	–	debian
Debian CVE	CVE-2023-49786	14 Dec 202319:47	–	debiancve
Tenable Nessus	Debian dla-3696 : asterisk - security update	22 Jan 202500:00	–	nessus
Tenable Nessus	Fedora 44 : asterisk (2026-38d71393c1)	30 Apr 202600:00	–	nessus

NVD

Vulners

Node

digium asteriskRange<18.20.1

digium asteriskRange19.0.0–20.5.1

digium asteriskMatch21.0.0

sangoma certified_asteriskMatch13.13.0

sangoma certified_asteriskMatch13.13.0cert1

sangoma certified_asteriskMatch13.13.0cert1-rc1

sangoma certified_asteriskMatch13.13.0cert1-rc2

sangoma certified_asteriskMatch13.13.0cert1-rc3

sangoma certified_asteriskMatch13.13.0cert1-rc4

sangoma certified_asteriskMatch13.13.0cert2

sangoma certified_asteriskMatch13.13.0cert3

sangoma certified_asteriskMatch13.13.0rc1

sangoma certified_asteriskMatch13.13.0rc2

sangoma certified_asteriskMatch16.8.0-

sangoma certified_asteriskMatch16.8.0cert1

sangoma certified_asteriskMatch16.8.0cert10

sangoma certified_asteriskMatch16.8.0cert11

sangoma certified_asteriskMatch16.8.0cert12

sangoma certified_asteriskMatch16.8.0cert2

sangoma certified_asteriskMatch16.8.0cert3

sangoma certified_asteriskMatch16.8.0cert4

sangoma certified_asteriskMatch16.8.0cert5

sangoma certified_asteriskMatch16.8.0cert6

sangoma certified_asteriskMatch16.8.0cert7

sangoma certified_asteriskMatch16.8.0cert8

sangoma certified_asteriskMatch16.8.0cert9

sangoma certified_asteriskMatch18.9cert1

sangoma certified_asteriskMatch18.9cert2

sangoma certified_asteriskMatch18.9cert3

sangoma certified_asteriskMatch18.9cert4

sangoma certified_asteriskMatch18.9cert5

[
  {
    "vendor": "asterisk",
    "product": "asterisk",
    "versions": [
      {
        "version": "< 18.20.1",
        "status": "affected"
      },
      {
        "version": ">= 19.0.0, < 20.5.1",
        "status": "affected"
      },
      {
        "version": "= 21.0.0",
        "status": "affected"
      },
      {
        "version": "< 18.9-cert6",
        "status": "affected"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2023/12/msg00019.html
packetstormsecurity	www.packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
github	www.github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
github	www.github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
openwall	www.openwall.com/lists/oss-security/2023/12/15/7
github	www.github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
seclists	www.seclists.org/fulldisclosure/2023/Dec/24

21 Nov 2024 08:33Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.15.9 - 7.5

EPSS0.00077

SSVC