Detections
Analytics
Asterisk SRTP Video Stream Negotiation Remote Crash (AST-2012-001)
medium Nessus Plugin ID 58431
Language:
Synopsis
A telephony application running on the remote host is affected by a denial of service vulnerability.Description
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. The vulnerability can be triggered by attempting to negotiate a secure video stream when it has not been enabled and the res_srtp Asterisk module is loaded.Solution
Upgrade to Asterisk 1.8.8.2 / 10.0.1 or apply the patches listed in the Asterisk advisory.See Also
http://downloads.asterisk.org/pub/security/AST-2012-001.html
Plugin Details
Severity: Medium
ID: 58431
File Name: asterisk_ast_2012_001.nasl
Version: 1.13
Type: remote
Family: Misc.
Published: 3/22/2012
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/a:digium:asterisk
Required KB Items: Settings/ParanoidReport, asterisk/sip_detected
Exploit Ease: No known exploits are available
Patch Publication Date: 1/19/2012
Vulnerability Publication Date: 1/19/2012
Reference Information
CVE: CVE-2012-0885
BID: 51581