Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1306 — Asterisk vulnerability

5 documents5 sources

Severity

7.8HIGHNVD

EPSS

19.7%

top 4.55%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedMar 7

Latest updateMay 1

Description

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.2.16~dfsg-1 (bullseye)

▶Debiandigium/asterisk< 1:1.2.16~dfsg-1

▶NVDdigium/asterisk18 versions+17

🔴Vulnerability Details

GHSA

GHSA-j5g7-pvcx-38pp: Asterisk 1↗2022-05-01

▶

OSV

CVE-2007-1306: Asterisk 1↗2007-03-07

▶

💥Exploits & PoCs

Exploit-DB

Asterisk 1.2.15/1.4.0 - Remote Denial of Service↗2007-03-04

▶

📋Vendor Advisories

Debian

CVE-2007-1306: asterisk - Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause...↗2007

▶