Digium.Asterisk.TLS.Certificate.Common.Name.Input.Validation
Description
This indicates an attack attempt to exploit a Security Policy Bypass vulnerability in Digium Asterisk.
The vulnerability is due to improper validation of incoming packets. A remote attacker may be able to exploit this to cause a man-in-the-middle attack through impersonating a legitimate server via a crafted packet.
Affected Products
Asterisk Asterisk Open Source prior to 1.8.32.3
Asterisk Asterisk Open Source prior to 11.17.1
Asterisk Asterisk Open Source prior to 12.8.2
Asterisk Asterisk Open Source prior to 13.3.2
Asterisk Certified Asterisk prior to 1.8.28-cert5
Asterisk Certified Asterisk prior to 11.6-cert11
Asterisk Certified Asterisk prior to 13.1-cert2
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |