Digium.Asterisk.TLS.Certificate.Common.Name.Input.Validation

Description

This indicates an attempt to exploit a Security Policy Bypass vulnerability in Digium Asterisk.
The vulnerability is due to improper validation of incoming packets. A remote attacker may be able to exploit this to carry out a man-in-the-middle attack by impersonating a legitimate server via a crafted packet.

Affected Products

Asterisk Asterisk Open Source prior to 1.8.32.3
Asterisk Asterisk Open Source prior to 11.17.1
Asterisk Asterisk Open Source prior to 12.8.2
Asterisk Asterisk Open Source prior to 13.3.2
Asterisk Certified Asterisk prior to 1.8.28-cert5
Asterisk Certified Asterisk prior to 11.6-cert11
Asterisk Certified Asterisk prior to 13.1-cert2

Impact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

Coverage

IPS (Regular DB)
IPS (Extended DB)