ID CVE-2015-1558
Summary Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.
References
Vulnerable Configurations
  • cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 09-10-2018 - 19:55)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: SINGLE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:N/A:P
refmap via4
bugtraq 20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered
confirm http://downloads.asterisk.org/pub/security/AST-2015-001.html
fulldisc 20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered
sectrack 1031661
Last major update 09-10-2018 - 19:55
Published 09-02-2015 - 11:59
Last modified 09-10-2018 - 19:55