An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
2019-11-22T17:15:11.740
2024-11-21T04:33:34.090
Modified
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:N
8.6
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | digium | asterisk | < 13.29.2 | Yes |
| Application | digium | asterisk | < 16.6.2 | Yes |
| Application | digium | asterisk | < 17.0.1 | Yes |
| Application | digium | certified_asterisk | 13.21.0 | Yes |
| Application | digium | certified_asterisk | 13.21.0 | Yes |
| Application | digium | certified_asterisk | 13.21.0 | Yes |
| Application | digium | certified_asterisk | 13.21.0 | Yes |
| Application | digium | certified_asterisk | 13.21.0 | Yes |
| Application | digium | certified_asterisk | 13.21.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |