7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.04 Low
EPSS
Percentile
92.0%
Asterisk is prone to a RTP resource exhaustion vulnerability.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:digium:asterisk";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106239");
script_version("2023-12-20T12:22:41+0000");
script_tag(name:"last_modification", value:"2023-12-20 12:22:41 +0000 (Wed, 20 Dec 2023)");
script_tag(name:"creation_date", value:"2016-09-12 12:33:46 +0700 (Mon, 12 Sep 2016)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-04-25 00:39:00 +0000 (Tue, 25 Apr 2017)");
script_cve_id("CVE-2016-7551");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Asterisk RTP Resource Exhaustion Vulnerability (AST-2016-007)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("General");
script_dependencies("gb_digium_asterisk_sip_detect.nasl");
script_mandatory_keys("digium/asterisk/detected");
script_tag(name:"summary", value:"Asterisk is prone to a RTP resource exhaustion vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The overlap dialing feature in chan_sip allows chan_sip to report
to a device that the number that has been dialed is incomplete and more digits are required. If this
functionality is used with a device that has performed username/password authentication RTP
resources are leaked. This occurs because the code fails to release the old RTP resources before
allocating new ones in this scenario. If all resources are used then RTP port exhaustion will occur
and no RTP sessions are able to be set up.");
script_tag(name:"impact", value:"An authenticated remote attacker may cause a partial denial of
service condition.");
script_tag(name:"affected", value:"Asterisk Open Source 11.x, 13.x and Certified Asterisk 11.6 and
13.8.");
script_tag(name:"solution", value:"Update to version 11.23.1, 13.11.1, 11.6-cert15, 13.8-cert3
or later.");
script_xref(name:"URL", value:"http://downloads.asterisk.org/pub/security/AST-2016-007.html");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/92888");
exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!version = get_app_version(cpe: CPE, port: port))
exit(0);
if (version =~ "^11\.") {
if (version =~ "^11\.6cert") {
if (revcomp(a: version, b: "11.6cert15") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "11.6-cert15");
security_message(port: port, data: report, proto: "udp");
exit(0);
}
}
else {
if (version_is_less(version: version, test_version: "11.23.1")) {
report = report_fixed_ver(installed_version: version, fixed_version: "11.23.1");
security_message(port: port, data: report, proto: "udp");
exit(0);
}
}
}
if (version =~ "^13\.") {
if (version =~ "^13\.8cert") {
if (revcomp(a: version, b: "13.8cert3") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "13.8-cert3");
security_message(port: port, data: report, proto: "udp");
exit(0);
}
}
else {
if (version_is_less(version: version, test_version: "13.11.1")) {
report = report_fixed_ver(installed_version: version, fixed_version: "13.11.1");
security_message(port: port, data: report, proto: "udp");
exit(0);
}
}
}
exit(0);
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.04 Low
EPSS
Percentile
92.0%