CVE-2019-18790

Current Description

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and Certified Asterisk 13.21, because of an incomplete fix for CVE-2019-18351. A crafted SIP request sent to Asterisk can change the IP address that Asterisk holds for a SIP peer. No REGISTER needs to occur and no authentication is required: the attacker only needs to know the peer's name, not its password or any other credential. Because the peer's address is rewritten, calls to that peer can be hijacked. The condition affects only the chan_sip channel driver, and only when the nat option is left at its default (auto_force_rport) or explicitly set to auto_force_rport.

Basic Data

Published: November 22, 2019
Last Modified: December 04, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-862
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Integrity Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE 2.3 entries, Part: Application, Vendor: Digium (all CPE fields not shown are wildcards)
    Product              Version   Update   Version Start Including   Version End Excluding
    Asterisk             *         *        13.0.0                    13.29.2
    Asterisk             *         *        16.0.0                    16.6.2
    Asterisk             *         *        17.0.0                    17.0.1
    Certified Asterisk   13.21.0   *        -                         -
    Certified Asterisk   13.21.0   cert1    -                         -
    Certified Asterisk   13.21.0   cert2    -                         -
    Certified Asterisk   13.21.0   cert3    -                         -
    Certified Asterisk   13.21.0   cert4    -                         -
    Certified Asterisk   13.21.0   rc1      -                         -
  • OR - Configuration 2
    CPE 2.3 entries, Part: OS, Vendor: Debian (all CPE fields not shown are wildcards)
    Product        Version   Update
    Debian Linux   8.0       *
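
The description gives two preconditions (a version inside the ranges above, and a chan_sip peer whose nat option is the default or auto_force_rport), so a useful triage check tests both. The following is an added example written for this page, not code from Asterisk, Sangoma, Debian, or NVD. It assumes the affected version ranges exactly as listed in the Configurations table (start inclusive, end exclusive), that chan_sip's built-in default for nat is auto_force_rport, and a constructed sip.conf fragment as input; the peer names in that fragment are hypothetical.

```python
import re
from typing import Dict, Tuple

# Affected ranges as listed in this record's Configurations section:
# start inclusive, end exclusive (the end value is the first release outside the range).
AFFECTED_RANGES = (
    ((13, 0, 0), (13, 29, 2)),
    ((16, 0, 0), (16, 6, 2)),
    ((17, 0, 0), (17, 0, 1)),
)
# Certified Asterisk 13.21 builds the record lists as vulnerable. An update tag
# not in this set (for example a later cert build) is treated as not covered.
AFFECTED_CERT_UPDATES = {"", "rc1", "cert1", "cert2", "cert3", "cert4"}

# Assumption: chan_sip's built-in default for "nat" is auto_force_rport, which is
# how the description's "set to the default, or auto_force_rport" reads.
NAT_DEFAULT = "auto_force_rport"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(cert\d+|rc\d+))?$")
_SECTION_RE = re.compile(r"^\[([^\]]+)\]")

def parse_version(text: str) -> Tuple[Tuple[int, int, int], str]:
    """'13.29.1', '17.0.1' or '13.21-cert4' -> ((major, minor, patch), update_tag)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Asterisk version string: {text!r}")
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch or 0)), (update or "")

def version_affected(text: str) -> bool:
    """True if the version lies inside a range this record marks vulnerable."""
    ver, update = parse_version(text)
    if update:  # a Certified Asterisk build such as 13.21-cert4
        return ver[:2] == (13, 21) and update in AFFECTED_CERT_UPDATES
    return any(lo <= ver < hi for lo, hi in AFFECTED_RANGES)

def parse_sip_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal sip.conf reader: [section] headers, key=value lines, ';' comments.
    Template inheritance ('(!)', '(tmpl)') is ignored; enough to read type and nat."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip().lower()
    return sections

def nat_exposed(value: str) -> bool:
    """The record's precondition: nat unset (default) or containing auto_force_rport.
    chan_sip accepts a comma-separated list, so every member is checked."""
    members = [v.strip() for v in value.split(",")] if value else [NAT_DEFAULT]
    return "auto_force_rport" in members

def exposed_peers(version: str, sip_conf: str) -> Dict[str, str]:
    """Peer name -> effective nat value for each chan_sip peer/friend that meets
    both conditions in this record: vulnerable version and exposing nat setting."""
    if not version_affected(version):
        return {}
    sections = parse_sip_conf(sip_conf)
    general_nat = sections.get("general", {}).get("nat", "")
    result: Dict[str, str] = {}
    for name, opts in sections.items():
        if opts.get("type") not in ("peer", "friend"):
            continue  # skips [general], [authentication], user-only entries
        effective = opts.get("nat", general_nat)
        if nat_exposed(effective):
            result[name] = effective or NAT_DEFAULT
    return result

# Constructed sample configuration for this demonstration (hypothetical peers).
SAMPLE_SIP_CONF = """
[general]
context=default
; nat is not set here, so peers fall back to chan_sip's default

[6001]
type=friend
host=dynamic
; inherits the default -> meets the record's condition

[6002]
type=peer
host=dynamic
nat=force_rport,comedia   ; not auto_force_rport -> outside the stated condition

[6003]
type=peer
host=dynamic
nat=auto_force_rport      ; explicitly the exposing value
"""

if __name__ == "__main__":
    print("13.29.1 affected:", version_affected("13.29.1"), "| 13.29.2:", version_affected("13.29.2"))
    print("exposed peers on 13.29.1:", exposed_peers("13.29.1", SAMPLE_SIP_CONF))
```

Running the file on the sample prints peers 6001 (inheriting the default) and 6003 (explicit auto_force_rport) as exposed on 13.29.1, and nothing on 13.29.2, which is outside the listed range. The version check alone is not sufficient: a host inside the range whose peers all use a nat value other than auto_force_rport does not meet the condition the description states.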

Vulnerable Software List

Vendor   Product              Versions
Digium   Certified Asterisk   13.21.0
Digium   Asterisk             * (ranges as listed under Configurations)
Debian   Debian Linux         8.0

References

Name / URL (Source; Tags)
http://downloads.asterisk.org/pub/security/AST-2019-006.html (MISC; Patch, Vendor Advisory)
[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update: https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html (MLIST; Mailing List, Third Party Advisory)
https://www.asterisk.org/downloads/security-advisories (MISC; Vendor Advisory)