cbcvebase.
CVE-2012-2416
published 2012-04-30

CVE-2012-2416: chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4…

PriorityP425medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
2.19%
80.2th percentile
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.

Affected

76 ranges· showing 25
VendorProductVersion rangeFixed in
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source
asteriskopen_source

CVSS provenance

nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
osv6.5MEDIUM
vendor_debian6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.