6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
59.4%
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x
before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified
Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE
and the nonce is changed in each response, Asterisk will continually send
INVITEs in a loop. This causes Asterisk to consume more and more memory
since the transaction will never terminate (even if the call is hung up),
ultimately leading to a restart or shutdown of Asterisk. Outbound
authentication must be configured on the endpoint for this to occur.
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
59.4%