var-201806-0745
Vulnerability from variot

An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. Asterisk Open Source contains an authentication vulnerability. A service interruption (DoS) may result. Digium Asterisk Open Source is an open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in the 15.x versions of Digium Asterisk Open Source prior to 15.4.1. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Note that the aggregated sources classify this issue inconsistently: the record lists both CWE-835 (infinite loop) and CWE-287 (improper authentication), and the behavior described above corresponds to CWE-835.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0745",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "asterisk",
            scope: "lt",
            trust: 1,
            vendor: "sangoma",
            version: "15.4.1",
         },
         {
            model: "asterisk",
            scope: "gte",
            trust: 1,
            vendor: "sangoma",
            version: "15.0",
         },
         {
            model: "open source",
            scope: "lt",
            trust: 0.8,
            vendor: "asterisk",
            version: "15.x",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.8,
            vendor: "asterisk",
            version: "15.4.1",
         },
         {
            model: "asterisk open source",
            scope: "eq",
            trust: 0.6,
            vendor: "digium",
            version: "15.*<15.4.1",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.2.2",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.2.1",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.2",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.1.4",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.1.3",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.1.1",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.1",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.1.5",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.1.2",
         },
         {
            model: "open source",
            scope: "ne",
            trust: 0.3,
            vendor: "asterisk",
            version: "15.4.1",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            db: "BID",
            id: "104457",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            db: "NVD",
            id: "CVE-2018-12228",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:asterisk:open_source",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Sean Bright",
      sources: [
         {
            db: "BID",
            id: "104457",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2018-12228",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.8,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  id: "CVE-2018-12228",
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CNVD-2018-12156",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  id: "CVE-2018-12228",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1.8,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2018-12228",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2018-12228",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2018-12156",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201806-749",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
         {
            db: "NVD",
            id: "CVE-2018-12228",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. Asterisk Open Source Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsteriskOpenSource is an open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in the 15.x version prior to DigiumAsteriskOpenSource 15.4.1. \nAttackers can exploit this issue to crash the application, resulting in a denial-of-service condition",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-12228",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            db: "BID",
            id: "104457",
         },
      ],
      trust: 2.43,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-12228",
            trust: 3.3,
         },
         {
            db: "BID",
            id: "104457",
            trust: 2.5,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201806-749",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            db: "BID",
            id: "104457",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
         {
            db: "NVD",
            id: "CVE-2018-12228",
         },
      ],
   },
   id: "VAR-201806-0745",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
      ],
      trust: 0.79659443,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
      ],
   },
   last_update_date: "2024-11-23T22:00:29.507000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "AST-2018-007",
            trust: 0.8,
            url: "http://downloads.asterisk.org/pub/security/AST-2018-007.html",
         },
         {
            title: "ASTERISK-27807",
            trust: 0.8,
            url: "https://issues.asterisk.org/jira/browse/ASTERISK-27807",
         },
         {
            title: "Patch for DigiumAsteriskOpenSource Remote Authentication Session Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/132899",
         },
         {
            title: "Digium Asterisk Open Source Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80913",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-835",
            trust: 1,
         },
         {
            problemtype: "CWE-287",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            db: "NVD",
            id: "CVE-2018-12228",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "http://downloads.asterisk.org/pub/security/ast-2018-007.html",
         },
         {
            trust: 1.9,
            url: "https://issues.asterisk.org/jira/browse/asterisk-27807",
         },
         {
            trust: 1.6,
            url: "http://www.securityfocus.com/bid/104457",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12228",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-12228",
         },
         {
            trust: 0.3,
            url: "http://www.asterisk.org/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            db: "BID",
            id: "104457",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
         {
            db: "NVD",
            id: "CVE-2018-12228",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            db: "BID",
            id: "104457",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
         {
            db: "NVD",
            id: "CVE-2018-12228",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-06-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            date: "2018-06-11T00:00:00",
            db: "BID",
            id: "104457",
         },
         {
            date: "2018-08-28T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            date: "2018-06-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
         {
            date: "2018-06-12T04:29:00.330000",
            db: "NVD",
            id: "CVE-2018-12228",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-06-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-12156",
         },
         {
            date: "2018-06-11T00:00:00",
            db: "BID",
            id: "104457",
         },
         {
            date: "2018-08-28T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
         {
            date: "2019-10-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
         {
            date: "2024-11-21T03:44:49.210000",
            db: "NVD",
            id: "CVE-2018-12228",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Asterisk Open Source Authentication vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-006656",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "authorization issue",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201806-749",
         },
      ],
      trust: 0.6,
   },
}

