Intrusion PreventionDigium.Asterisk.PJSIP.Endpoint.Presence.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Digium Asterisk.
The vulnerability is due to an error in the vulnerable application when handling maliciously crafted requests. An attacker can exploit this to disclose sensitive information on the affected machine via crafted requests.
Affected Products
Digium Asterisk Open Source 13.x prior to 13.21.1
Digium Asterisk Open Source 14.x prior to 14.7.7
Digium Asterisk Open Source 15.x prior to 15.4.1
Digium Certified Asterisk 13.18-cert before 13.18-cert4
Digium Certified Asterisk 13.21-cert before 13.21-cert2
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
http://downloads.asterisk.org/pub/security/AST-2018-008.html
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2020-10-22 | 16.948 |
Modified
|
Name:Asterisk. PJSIP. Endpoint. Presence. Disclosure:Digium. Asterisk. PJSIP. Endpoint. Presence. Disclosure |
| ID | 46315 |
| Created | Jul 13, 2018 |
| Updated | Dec 08, 2021 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 1.06% |
| Default Action | drop |
| Active | |
| Affected OS | Linux, BSD |
| Affected App | Other |
| Profile Type | Information Disclosure |