SIP Channel Driver Vulnerability in Asterisk Open Source and Business Edition
CVE-2012-2416

Currently unrated

Key Information:

Vendor: Asterisk
Status: Open Source
Vendor: CVE Published:; 30 April 2012

What is CVE-2012-2416?

A vulnerability exists in the SIP channel driver of Asterisk where, under certain configurations, remote authenticated users can exploit the system. By sending a crafted SIP UPDATE message, they can initiate a connected-line update attempt without a corresponding channel, leading to a denial of service state where the daemon crashes. This can disrupt communications managed by Asterisk, impacting system availability.

References

https://issues.asterisk.org/jira/browse/ASTERISK-19770

x_refsource_MISC

http://www.securitytracker.com/id?1026963

vdb-entryx_refsource_SECTRACK

http://osvdb.org/81456

vdb-entryx_refsource_OSVDB

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 30, 2012
Vulnerability Reserved
Apr 23, 2012