4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.905 High
EPSS
Percentile
98.8%
The Asterisk project reports:
When Asterisk registers to a SIP TLS device and and
verifies the server, Asterisk will accept signed certificates
that match a common name other than the one Asterisk is
expecting if the signed certificate has a common name
containing a null byte after the portion of the common
name that Asterisk expected. For example, if Asterisk is
trying to register to www.domain.com, Asterisk will accept
certificates of the form
www.domain.com\x00www.someotherdomain.com