cbcvebase.
CVE-2017-17850
published 2017-12-27

CVE-2017-17850: An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a…

PriorityP359high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
75.35%
99.5th percentile
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianasterisk< asterisk 1:13.18.5~dfsg-1 (bullseye)asterisk 1:13.18.5~dfsg-1 (bullseye)
digiumasterisk>= 0 < 1:13.18.5~dfsg-11:13.18.5~dfsg-1
digiumasterisk13.0.0 – 13.18.4
digiumasterisk14.0.0 – 14.7.4
digiumasterisk15.0.0 – 15.1.4
digiumcertified_asterisk
digiumcertified_asterisk

Detection & IOCsextracted from sources · hover to see the quote

  • Crash is triggered by SIP messages that create a dialog (e.g., INVITE, SUBSCRIBE) sent to Asterisk using the PJSIP channel driver where the required Contact header is absent — monitor for SIP dialog-creating messages missing the Contact header targeting Asterisk PJSIP endpoints.
  • The vulnerability is reachable pre-authentication; if authentication is disabled on the PJSIP endpoint, unauthenticated remote attackers can trigger the crash — prioritize detection on unauthenticated PJSIP endpoints.
  • ·Only the PJSIP channel driver (chan_pjsip) is affected; the legacy chan_sip driver is not vulnerable. Ensure detection/monitoring targets PJSIP listener ports specifically.
  • ·Affected versions are Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. Fixed in 13.18.5 (Debian package 1:13.18.5~dfsg-1) and 14.7.5.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.