cbcvebase.
CVE-2017-17090
published 2017-12-02

CVE-2017-17090: An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7…

PriorityP269high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
81.51%
99.6th percentile
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianasterisk< asterisk 1:13.18.3~dfsg-1 (bullseye)asterisk 1:13.18.3~dfsg-1 (bullseye)
digiumasterisk<= 13.8.2
digiumasterisk<= 14.7.2
digiumasterisk<= 15.1.2
digiumasterisk>= 0 < 1:13.18.3~dfsg-11:13.18.3~dfsg-1
digiumcertified_asterisk<= 13.13
digiumcertified_asterisk

Detection & IOCsextracted from sources · hover to see the quote

port2000
bytes
450002c50001000040067a307f0000017f000001001407d00000000000000000500220009a2b0000e4eea8a72a97467d3631824ac1c08c604e762eb80af46cc6d219a4cf65c13992b4a8af94cb5e87c14faf0254cba25af9fb33bd8d2a58e370e3a866639dfdec350875cfecfe068a16746963fffeee0fdcbac75eb4f09d625f3ae1b4a3eb2812e6f838e88b0d7d9881465a0faf45664df8008d4d6de1a5e20a9c97a71f57d3429e0b17db3aeb3bf516ca4e207a5c801d04132979508f267c7425a57fd0edd271b57ff9831b595b519e73404f170492ae3ad438d4aeca854e96c9dd56d2af3813b8de6b3d8d31d32c0e95be9cb3a5c6106f64c4f19cda2b55ad1471f3d63e1b1ca3c29f362def063ad9b29ea4d1c1fda5c2e4cf0ae75064c27411a2deb5fab11e6412cd5a4037f38779f0173fa1f2ca1740aa78fe37bc0a50f5619c7abba00f2957bf06770ff4d6c003d4533de19f51bcbbd9bbe0ceb3e17dd180e58ee2698998edca42e3d6a8079cc151b608e5bd5aff052e718e714b360f9b091894a5eeed34dafe41d27f19988b3e0ac5a6dd8947c3537ae31154e983cdbac0861afc500206e74030c9e452738ece13075df2dbebb8a1737ee3b4880bc6d428ee2d3d64f585e197dc63f30638a4c55cff0b8e6aa82dfdf199baabd92c10092414015fad5f08e9c816a4d028574ee5340c08b2fe65ca1e7ca907ea2ebd6661e01e9b9d39d5bdb3e3cebd58e96f97f487bb580bcf5447ac48a2ad5541ae0ddcc9ec1f9528f2c07316dbd760e91e3bddbd53fbf6987fdba0830bdb485524950b5611e18e5d517c0f3ae05aa2daec42a5c43eab07aa0018ab750dc6995adad6561cc8a0379f7a12d8e5e474df013459442801d6871c5820318d790833687619b70b0da74893ca441f177ab9e7d7a537c6ff4920c79631905c35167d8a6efc0c6bced9270691abc5b4de84f956f8c1d34f9ef3f0073dafce8c076c4d537e981a1e8ff6ed3e8c
  • Monitor for repeated TCP connection attempts to port 2000 (SCCP/Skinny default port) from a single source, which is the attack vector used to flood chan_skinny and exhaust Asterisk virtual memory.
  • The exploit sends crafted SCCP packets in a tight loop (while 1) over TCP to port 2000; detect rapid repeated TCP connections to the Skinny/SCCP port combined with large packet payloads (~709 bytes) as an indicator of this DoS attack.
  • The vulnerability resides in chan_skinny.c (SCCP protocol channel driver); if this module is not required, disabling it eliminates the attack surface entirely.
  • ·The exploit targets Asterisk 13.17.2 specifically; the vulnerability affects all Asterisk Open Source 13.18.2 and older, 14.7.2 and older, 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. The byte signature payload was crafted for the tested version and may not be identical across all vulnerable versions.
  • ·The attack is unauthenticated and remote, requiring only network access to the SCCP/Skinny TCP port (default 2000). No credentials are needed to trigger the memory exhaustion.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.