Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-7286Asterisk vulnerability

8 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
54.6%
top 1.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Digium AsteriskDebian AsteriskDigium Certified Asterisk+1 more
Timeline
PublishedFeb 22
Latest updateMay 13

Description

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/asterisk< asterisk 1:13.20.0~dfsg-1 (bullseye)
Debiandigium/asterisk< 1:13.20.0~dfsg-1
NVDdigium/asterisk14.0.014.7.5+2

Also affects: Debian Linux 9.0

🔴Vulnerability Details

2
GHSA
GHSA-c328-7q8p-p26v: An issue was discovered in Asterisk through 132022-05-13
OSV
CVE-2018-7286: An issue was discovered in Asterisk through 132018-02-22

💥Exploits & PoCs

1
Exploit-DB
Asterisk chan_pjsip 15.2.0 - 'INVITE' Denial of Service2018-02-27

📋Vendor Advisories

1
Debian
CVE-2018-7286: asterisk - An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15...2018

💬Community

3
Bugzilla
CVE-2018-7286 asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport2018-02-22
Bugzilla
CVE-2018-7286 asterisk: asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport [epel-6]2018-02-22
Bugzilla
CVE-2018-7286 asterisk: asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport [fedora-all]2018-02-22
CVE-2018-7286 — Debian Asterisk vulnerability | cvebase