5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
57.0%
asterisk:sid is vulnerable to denial of service. The vulnerability exists in res_pjsip_session.c in Digium Asterisk where SDP negotiation in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
CPE | Name | Operator | Version |
---|---|---|---|
asterisk:sid | eq | 1:16.15.0~dfsg-1 | |
asterisk:3.12 | eq | 16.7.0-r0 | |
asterisk:edge | eq | 16.7.0-r0 |
packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html
seclists.org/fulldisclosure/2021/Feb/61
downloads.asterisk.org/pub/security/
downloads.asterisk.org/pub/security/AST-2021-005.html
issues.asterisk.org/jira/browse/ASTERISK-29196
security-tracker.debian.org/tracker/CVE-2021-26906
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
57.0%