Lucene search

PRIOn knowledge basePRION:CVE-2014-2288

HistoryApr 18, 2014 - 10:14 p.m.

Cross site request forgery (csrf)

2014-04-1822:14:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency “is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,” allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

CPENameOperatorVersion
asteriskeq12.0.0
asteriskeq12.1.0 rc3
asteriskeq12.1.0 rc1
asteriskeq12.1.0
asteriskeq12.1.0 rc2

Name	Operator	Version
asterisk	eq	12.0.0
asterisk	eq	12.1.0 rc3
asterisk	eq	12.1.0 rc1
asterisk	eq	12.1.0
asterisk	eq	12.1.0 rc2

References

downloads.asterisk.org/pub/security/AST-2014-003-12.diff

downloads.asterisk.org/pub/security/AST-2014-003.html

issues.asterisk.org/jira/browse/ASTERISK-23210

lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html

lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON

Related for PRION:CVE-2014-2288