Digium Asterisk Unnegotiated RTP Payload Type Denial-of-Service
TSL ID TSL20180222-09
CVE ID(s) CVE-2018-7285
Severity Moderate
Description

A denial-of-service vulnerability has been reported in Digium Asterisk. The vulnerability is due to improper handling of RTP packets with unnegotiated Payload Types.

A remote attacker could exploit this vulnerability by sending crafted RTP packets to the target server. Successful exploitation results in denial-of-service conditions on the target service.

The vendor, Digium, has released the following advisory regarding this vulnerability:

http://downloads.asterisk.org/pub/security/AST-2018-001.html

Affected Products
  • Digium Asterisk Open Source 13.x prior to 13.19.2
  • Digium Asterisk Open Source 14.x prior to 14.7.6
  • Digium Asterisk Open Source 15.x prior to 15.2.2
  • Digium Certified Asterisk 13.18 prior to 13.18-cert3
CVSS Score Base 6.3 (AV:N/AC:M/Au:S/C:N/I:N/A:C):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is SINGLE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 4.7 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References http://downloads.asterisk.org/pub/security/AST-2018-001.html
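The following is an added example, not part of the original advisory or of Digium's code: a triage check that compares installed Asterisk version strings against the fixed releases in the Affected Products list above. The version string shapes (`X.Y.Z` and `X.Y-certN`), the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed releases copied from the "Affected Products" list in this advisory.
OPEN_SOURCE_FIXED = {13: (13, 19, 2), 14: (14, 7, 6), 15: (15, 2, 2)}
CERTIFIED_FIXED = {(13, 18): 3}  # Certified 13.18 is fixed in 13.18-cert3

# Assumed version string shapes: "X.Y.Z" (open source), "X.Y-certN" (certified).
_OSS_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")
_CERT_RE = re.compile(r"^(\d+)\.(\d+)-cert(\d+)$")


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    v = version.strip()
    m = _CERT_RE.match(v)
    if m:
        major, minor, cert = (int(g) for g in m.groups())
        fixed_cert = CERTIFIED_FIXED.get((major, minor))
        if fixed_cert is None:
            return "not-listed"
        return "affected" if cert < fixed_cert else "fixed"
    m = _OSS_RE.match(v)
    if m:
        parts = tuple(int(g) for g in m.groups())
        fixed = OPEN_SOURCE_FIXED.get(parts[0])
        if fixed is None:
            return "not-listed"
        # Integer tuples compare numerically, so 13.9.0 sorts before 13.19.2.
        return "affected" if parts < fixed else "fixed"
    raise ValueError("unrecognised version string: %r" % version)


def affected_hosts(inventory):
    """Return the sorted host names whose version classifies as affected."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = {
    "pbx-a.example": "13.9.0",
    "pbx-b.example": "13.19.2",
    "pbx-c.example": "13.18-cert2",
    "pbx-d.example": "15.2.2",
    "pbx-e.example": "16.0.0",
}

if __name__ == "__main__":
    for host, ver in sorted(SAMPLE_INVENTORY.items()):
        print(host, ver, classify(ver))
```

A result of `not-listed` means only that the advisory's list does not cover that branch; it says nothing about whether the branch is vulnerable.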