Lucene search
HistoryJun 02, 2012 - 3:55 p.m.
CVE-2012-2948
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
5.9 Medium
AI Score
Confidence
Low
0.96 High
EPSS
Percentile
99.5%
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
Affected configurations
Node
asteriskcertified_asteriskMatch1.8.11cert
ORasteriskcertified_asteriskMatch1.8.11cert1
Node
asteriskopen_sourceRange≤1.8.12.0
ORasteriskopen_sourceMatch1.8.0
ORasteriskopen_sourceMatch1.8.0beta1
ORasteriskopen_sourceMatch1.8.0beta2
ORasteriskopen_sourceMatch1.8.0beta3
ORasteriskopen_sourceMatch1.8.0beta4
ORasteriskopen_sourceMatch1.8.0beta5
ORasteriskopen_sourceMatch1.8.0rc1
ORasteriskopen_sourceMatch1.8.0rc2
ORasteriskopen_sourceMatch1.8.0rc3
ORasteriskopen_sourceMatch1.8.0rc4
ORasteriskopen_sourceMatch1.8.0rc5
ORasteriskopen_sourceMatch1.8.1
ORasteriskopen_sourceMatch1.8.1rc1
ORasteriskopen_sourceMatch1.8.2
ORasteriskopen_sourceMatch1.8.2rc1
ORasteriskopen_sourceMatch1.8.3rc1
ORasteriskopen_sourceMatch1.8.5rc1
ORasteriskopen_sourceMatch1.8.5.0
ORasteriskopen_sourceMatch1.8.6.0
ORasteriskopen_sourceMatch1.8.6.0rc1
ORasteriskopen_sourceMatch1.8.6.0rc2
ORasteriskopen_sourceMatch1.8.6.0rc3
ORasteriskopen_sourceMatch1.8.7.0
ORasteriskopen_sourceMatch1.8.7.0rc1
ORasteriskopen_sourceMatch1.8.7.0rc2
ORasteriskopen_sourceMatch1.8.8.0
ORasteriskopen_sourceMatch1.8.8.0rc1
ORasteriskopen_sourceMatch1.8.8.0rc2
ORasteriskopen_sourceMatch1.8.8.0rc3
ORasteriskopen_sourceMatch1.8.8.0rc4
ORasteriskopen_sourceMatch1.8.8.0rc5
ORasteriskopen_sourceMatch1.8.9.0
ORasteriskopen_sourceMatch1.8.9.0rc1
ORasteriskopen_sourceMatch1.8.9.0rc2
ORasteriskopen_sourceMatch1.8.9.0rc3
ORasteriskopen_sourceMatch1.8.10.0
ORasteriskopen_sourceMatch1.8.10.0rc1
ORasteriskopen_sourceMatch1.8.10.0rc2
ORasteriskopen_sourceMatch1.8.10.0rc3
ORasteriskopen_sourceMatch1.8.10.0rc4
ORasteriskopen_sourceMatch1.8.11.0
ORasteriskopen_sourceMatch1.8.11.0rc2
ORasteriskopen_sourceMatch1.8.11.0rc3
ORasteriskopen_sourceMatch1.8.12
ORasteriskopen_sourceMatch1.8.12.0rc1
ORasteriskopen_sourceMatch1.8.12.0rc2
ORasteriskopen_sourceMatch1.8.12.0rc3
Node
asteriskopen_sourceRange≤10.4.0
ORasteriskopen_sourceMatch10.0.0
ORasteriskopen_sourceMatch10.0.0beta1
ORasteriskopen_sourceMatch10.0.0beta2
ORasteriskopen_sourceMatch10.0.0rc1
ORasteriskopen_sourceMatch10.0.0rc2
ORasteriskopen_sourceMatch10.0.0rc3
ORasteriskopen_sourceMatch10.1.0
ORasteriskopen_sourceMatch10.1.0rc1
ORasteriskopen_sourceMatch10.1.0rc2
ORasteriskopen_sourceMatch10.2.0
ORasteriskopen_sourceMatch10.2.0rc1
ORasteriskopen_sourceMatch10.2.0rc2
ORasteriskopen_sourceMatch10.2.0rc3
ORasteriskopen_sourceMatch10.2.0rc4
ORasteriskopen_sourceMatch10.3
ORasteriskopen_sourceMatch10.3.0
ORasteriskopen_sourceMatch10.3.0rc2
ORasteriskopen_sourceMatch10.3.0rc3
ORasteriskopen_sourceMatch10.4.0rc1
ORasteriskopen_sourceMatch10.4.0rc2
ORasteriskopen_sourceMatch10.4.0rc3
References
Related
nessus
nessus
Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008)
2012-06-14 00:00:00
FreeBSD : asterisk -- multiple vulnerabilities (359f615d-a9e1-11e1-8a66-14dae9ebcf89)
2012-05-30 00:00:00
Debian DSA-2493-1 : asterisk - denial of service
2012-06-29 00:00:00
securityvulns
securityvulns
AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
2012-05-31 00:00:00
Asterisk security vulnerabilities
2012-05-31 00:00:00
cve
cve
CVE-2012-2948
2012-06-02 15:55:01
CVE-2012-3553
2022-10-03 16:15:23
checkpoint_advisories
checkpoint_advisories
Digium Asterisk Skinny Channel NULL-Pointer Dereference (CVE-2012-2948)
2012-08-27 00:00:00
debiancve
debiancve
CVE-2012-2948
2012-06-02 15:55:01
CVE-2012-3553
2022-10-03 16:15:23
cvelist
cvelist
CVE-2012-2948
2012-06-02 15:00:00
CVE-2012-3553
2022-10-03 16:15:23
prion
prion
Null pointer dereference
2012-06-02 15:55:00
Null pointer dereference
2012-06-19 20:55:00
ubuntucve
ubuntucve
CVE-2012-2948
2012-06-02 00:00:00
CVE-2012-3553
2012-06-19 00:00:00
openvas
openvas
FreeBSD Ports: asterisk10
2012-08-10 00:00:00
FreeBSD Ports: asterisk10
2012-08-10 00:00:00
FreeBSD Ports: asterisk16
2012-05-31 00:00:00
freebsd
freebsd
asterisk -- multiple vulnerabilities
2012-05-29 00:00:00
nvd
nvd
CVE-2012-3553
2012-06-19 20:55:07
osv
osv
asterisk - denial of service
2012-06-12 00:00:00
debian
debian
[SECURITY] [DSA 2493-1] asterisk security update
2012-06-12 19:38:06
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2012-06-21 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
5.9 Medium
AI Score
Confidence
Low
0.96 High
EPSS
Percentile
99.5%
Related for NVD:CVE-2012-2948