Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ASTERISK_AST_2018_001-006.NASL
HistoryMar 02, 2018 - 12:00 a.m.

Asterisk 15.x < 15.2.2 Multiple Vulnerabilities (AST-2018-001 - AST-2018-006)

2018-03-0200:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29
JSON

According to its SIP banner, the version of Asterisk running on the remote host is 15.x prior to 15.2.2. It is therefore, affected by multiple vulnerabilities as described in AST-2018-001, AST-2018-002, AST-2018-003, AST-2018-004, AST-2018-005, & AST-2018-006 advisories.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(107100);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2018-7284",
    "CVE-2018-7285",
    "CVE-2018-7286",
    "CVE-2018-7287"
  );
  script_bugtraq_id(
    103120,
    103129,
    103149,
    103151
  );

  script_name(english:"Asterisk 15.x < 15.2.2 Multiple Vulnerabilities (AST-2018-001 - AST-2018-006)");

  script_set_attribute(attribute:"synopsis", value:
"A telephony application running on the remote host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its SIP banner, the version of Asterisk running on the
remote host is 15.x prior to 15.2.2. It is therefore, affected by
multiple vulnerabilities as described in AST-2018-001, 
AST-2018-002, AST-2018-003, AST-2018-004, AST-2018-005,
& AST-2018-006 advisories.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2018-001.html");
  script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2018-002.html");
  script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2018-003.html");
  script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2018-004.html");
  script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2018-005.html");
  script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2018-006.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Asterisk version 15.2.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7285");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:digium:asterisk");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("asterisk_detection.nasl");
  script_require_keys("asterisk/sip_detected", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

get_kb_item_or_exit("asterisk/sip_detected");

asterisk_kbs = get_kb_list_or_exit("sip/asterisk/*/version");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

is_vuln = FALSE;
not_vuln_installs = make_list();
errors = make_list();

foreach kb_name (keys(asterisk_kbs))
{
  vulnerable = 0;

  matches = pregmatch(pattern:"/(udp|tcp)/([0-9]+)/version", string:kb_name);
  if (isnull(matches))
  {
    errors = make_list(errors, "Unexpected error parsing port number from '"+kb_name+"'.");
    continue;
  }

  proto = matches[1];
  port  = matches[2];
  version = asterisk_kbs[kb_name];

  if (version == 'unknown')
  {
    errors = make_list(errors, "Unable to obtain version of installation on " + proto + "/" + port + ".");
    continue;
  }

  banner = get_kb_item("sip/asterisk/" + proto + "/" + port + "/source");
  if (!banner)
  {
    # We have version but banner is missing;
    # log error and use in version-check though.
    errors = make_list(errors, "KB item 'sip/asterisk/" + proto + "/" + port + "/source' is missing.");
    banner = 'unknown';
  }

  if (version =~ "^15([^0-9])" && "cert" >!< tolower(version))
  {
    fixed = "15.2.2";
    vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk");
  }

  if (vulnerable < 0)
  {
    is_vuln = TRUE;
    report =
        '\n  Version source    : ' + banner +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fixed +
        '\n';
      security_report_v4(severity:SECURITY_WARNING, port:port, proto:proto, extra:report);
  }
  else not_vuln_installs = make_list(not_vuln_installs, version + " on port " + proto + "/" + port);
}

if (max_index(errors))
{
  if (max_index(errors) == 1) errmsg = errors[0];
  else errmsg = 'Errors were encountered verifying installations : \n  ' + join(errors, sep:'\n  ');

  exit(1, errmsg);
}
else
{
  installs = max_index(not_vuln_installs);
  if (installs == 0)
  {
    if (is_vuln) exit(0);
    else audit(AUDIT_NOT_INST, "Asterisk");
  }
  else audit(AUDIT_INST_VER_NOT_VULN, "Asterisk", not_vuln_installs);
}
VendorProductVersionCPE
digiumasteriskcpe:/a:digium:asterisk

Related

freebsd 1
nessus 4
openvas 3
osv 5
debian 1
ubuntucve 4
cve 4
prion 4
exploitpack 2
checkpoint_advisories 4
zdt 2
debiancve 4
packetstorm 2
redhatcve 1
exploitdb 2
freebsd
freebsd
asterisk -- multiple vulnerabilities
2018-02-21 00:00:00
nessus
nessus
FreeBSD : asterisk -- multiple vulnerabilities (933654ce-17b8-11e8-90b8-001999f8d30b)
2018-02-23 00:00:00
Asterisk 13.x < 13.19.2 / 14.x < 14.7.6 / 13.13 < 13.18-cert3 Multiple DoS Vulnerabilities (AST-2018-002, AST-2018-003, AST-2018-004, & AST-2018-005)
2018-03-02 00:00:00
Debian DSA-4320-1 : asterisk - security update
2018-10-17 00:00:00
openvas
openvas
Asterisk Multiple Vulnerabilities
2018-02-22 00:00:00
Asterisk Multiple Vulnerabilities
2018-02-22 00:00:00
Debian: Security Advisory (DSA-4320-1)
2018-10-15 00:00:00
osv
osv
asterisk - security update
2018-10-16 00:00:00
CVE-2018-7287
2018-02-22 00:29:01
CVE-2018-7284
2018-02-22 00:29:01
debian
debian
[SECURITY] [DSA 4320-1] asterisk security update
2018-10-16 21:54:17
ubuntucve
ubuntucve
CVE-2018-7287
2018-02-22 00:00:00
CVE-2018-7286
2018-02-22 00:00:00
CVE-2018-7284
2018-02-22 00:00:00
cve
cve
CVE-2018-7286
2018-02-22 00:29:00
CVE-2018-7287
2018-02-22 00:29:00
CVE-2018-7284
2018-02-22 00:29:00
prion
prion
Buffer overflow
2018-02-22 00:29:00
Design/Logic Flaw
2018-02-22 00:29:00
Design/Logic Flaw
2018-02-22 00:29:00
exploitpack
exploitpack
Asterisk chan_pjsip 15.2.0 - SUBSCRIBE Stack Corruption
2018-02-27 00:00:00
Asterisk chan_pjsip 15.2.0 - INVITE Denial of Service
2018-02-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk WebSocket Denial of Service (CVE-2018-7287)
2019-01-13 00:00:00
Digium Asterisk Out-of-Bounds Write (CVE-2018-7284)
2018-05-02 00:00:00
Digium Asterisk Denial of Service (CVE-2018-7286)
2019-01-17 00:00:00
zdt
zdt
Asterisk 15.2.0 chan_pjsip INVITE Denial Of Service Exploit
2018-02-27 00:00:00
Asterisk 15.2.0 chan_pjsip SUBSCRIBE Stack Corruption Exploit
2018-02-27 00:00:00
debiancve
debiancve
CVE-2018-7286
2018-02-22 00:29:00
CVE-2018-7284
2018-02-22 00:29:00
CVE-2018-7287
2018-02-22 00:29:00
packetstorm
packetstorm
Asterisk 15.2.0 chan_pjsip SUBSCRIBE Stack Corruption
2018-02-26 00:00:00
Asterisk 15.2.0 chan_pjsip INVITE Denial Of Service
2018-02-26 00:00:00
redhatcve
redhatcve
CVE-2018-7284
2022-05-20 23:49:53
exploitdb
exploitdb
Asterisk chan_pjsip 15.2.0 - &#039;INVITE&#039; Denial of Service
2018-02-27 00:00:00
Asterisk chan_pjsip 15.2.0 - &#039;SUBSCRIBE&#039; Stack Corruption
2018-02-27 00:00:00
JSON
Related for ASTERISK_AST_2018_001-006.NASL
freebsd1nessus4openvas3osv5debian1ubuntucve4cve4prion4exploitpack2checkpoint_advisories4zdt2debiancve4packetstorm2redhatcve1exploitdb2