CVE-2018-7286
published 2018-02-22CVE-2018-7286: An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows…
PriorityP352medium6.5CVSS 3.0
AVNACLPRLUINSUCNINAH
EXPLOIT
EPSS
39.50%
98.4th percentile
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:13.20.0~dfsg-1 (bullseye) | asterisk 1:13.20.0~dfsg-1 (bullseye) |
| debian | debian_linux | — | — |
| digium | asterisk | — | — |
| digium | asterisk | >= 0 < 1:13.20.0~dfsg-1 | 1:13.20.0~dfsg-1 |
| digium | asterisk | 14.0.0 – 14.7.5 | — |
| digium | asterisk | 15.0.0 – 15.2.1 | — |
| digium | certified_asterisk | <= 13.18 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect repeated SIP INVITE messages over TCP (port 5060) or TLS (port 5061) from the same source followed by an abrupt TCP connection reset/close — this is the trigger pattern for the CVE-2018-7286 DoS. ↗
- →Monitor for Asterisk segfault in res_pjsip.c at ast_sip_failover_request with tdata=0x0, indicating null pointer dereference triggered by the exploit. ↗
- →Flag Asterisk instances compiled with --with-pjproject-bundled running chan_pjsip as highest-risk targets for this vulnerability. ↗
- →Alert on multiple SIP INVITE requests sharing the same Call-ID over a single TCP/TLS session — the PoC sends 10 INVITEs per connection using the same callid value. ↗
- →Inspect SIP INVITE traffic on TLS transport for the Via branch pattern z9hG4bK originating from non-standard high ports (e.g., 10394), which matches the PoC's crafted headers. ↗
- ·The vulnerability only affects Asterisk deployments using the res_pjsip / chan_pjsip stack over TCP or TLS transports; SIP over UDP is not affected. ↗
- ·Exploitation requires prior authentication — the attacker must be a valid SIP user. Unauthenticated users cannot trigger the crash. ↗
- ·The destination SIP address used in the INVITE must match a valid extension in the dialplan for the crash to be triggered. ↗
- ·Affected versions span Asterisk 13.x through 13.19.1, 14.x through 14.7.5, 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2; confirmed tested on 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, 14.7.5. ↗
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv6.5MEDIUM
vendor_debian6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c328-7q8p-p26v: An issue was discovered in Asterisk through 13
ghsa_unreviewed·2022-05-13
CVE-2018-7286 [MEDIUM] GHSA-c328-7q8p-p26v: An issue was discovered in Asterisk through 13
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
OSV
CVE-2018-7286: An issue was discovered in Asterisk through 13
osv·2018-02-22·CVSS 6.5
CVE-2018-7286 [MEDIUM] CVE-2018-7286: An issue was discovered in Asterisk through 13
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
Debian
CVE-2018-7286: asterisk - An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15...
vendor_debian·2018·CVSS 6.5
CVE-2018-7286 [MEDIUM] CVE-2018-7286: asterisk - An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15...
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
Scope: local
bullseye: resolved (fixed in 1:13.20.0~dfsg-1)
sid: resolved (fixed in 1:13.20.0~dfsg-1)
No detection rules found.
Bugzilla
CVE-2018-7286 asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport
bugzilla·2018-02-22·CVSS 6.5
CVE-2018-7286 [MEDIUM] CVE-2018-7286 asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport
CVE-2018-7286 asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport
A flaw was discovered in Asterisk 13.x, 14.x, 15.x and 13.18. A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault and allows an attacker to perform a Denial of Service (DoS) attack.
References:
http://downloads.asterisk.org/pub/security/AST-2018-005.html
https://issues.asterisk.org/jira/browse/ASTERISK-27618
Patch:
http://downloads.asterisk.org/pub/security/AST-2018-005-13.diff [Asterisk 13]
http://downloads.asterisk.org/pub/security/AST-2018-005-14.diff [Asterisk 14]
http://downloads.asterisk.org/pub/security/AST-2018-005-15.diff [Asterisk 15]
ht
Bugzilla
CVE-2018-7286 asterisk: asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport [epel-6]
bugzilla·2018-02-22·CVSS 6.5
CVE-2018-7286 [MEDIUM] CVE-2018-7286 asterisk: asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport [epel-6]
CVE-2018-7286 asterisk: asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit me
Bugzilla
CVE-2018-7286 asterisk: asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport [fedora-all]
bugzilla·2018-02-22·CVSS 6.5
CVE-2018-7286 [MEDIUM] CVE-2018-7286 asterisk: asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport [fedora-all]
CVE-2018-7286 asterisk: asterix: Denial of Service (DoS) when sending a repeated number of INVITE messages over TCP or TLS transport [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg c
http://downloads.asterisk.org/pub/security/AST-2018-005.htmlhttp://www.securityfocus.com/bid/103129http://www.securitytracker.com/id/1040417https://issues.asterisk.org/jira/browse/ASTERISK-27618https://www.debian.org/security/2018/dsa-4320https://www.exploit-db.com/exploits/44181/http://downloads.asterisk.org/pub/security/AST-2018-005.htmlhttp://www.securityfocus.com/bid/103129http://www.securitytracker.com/id/1040417https://issues.asterisk.org/jira/browse/ASTERISK-27618https://www.debian.org/security/2018/dsa-4320https://www.exploit-db.com/exploits/44181/
2018-02-22
Published