Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1561 — Asterisk vulnerability

5 documents5 sources

Severity

7.8HIGHNVD

EPSS

20.7%

top 4.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Asterisk Debian Asterisk

Timeline

PublishedMar 21

Latest updateMay 1

Description

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.4.2~dfsg-5 (bullseye)

▶Debianasterisk/asterisk< 1:1.4.2~dfsg-5

▶NVDasterisk/asterisk4 versions+3

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-jwxq-x6h2-p3qv: The channel driver in Asterisk before 1↗2022-05-01

▶

OSV

CVE-2007-1561: The channel driver in Asterisk before 1↗2007-03-21

▶

💥Exploits & PoCs

Exploit-DB

Asterisk 1.2.16/1.4.1 - SIP INVITE Remote Denial of Service↗2007-03-25

▶

📋Vendor Advisories

Debian

CVE-2007-1561: asterisk - The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remot...↗2007

▶