Intrusion PreventionDigium.Asterisk.SIP.Invalid.SDP.Media.Descriptions.DoS
Description
This indicates an attack attempt to exploit a Denial of Service vulnerability in Asterisk Open Source, Certified Asterisk and Asterisk with Digiumphones.
The vulnerability is due to an error in the SIP channel driver when the vulnerable software handles an invalid SDP sent in a SIP request. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.
Affected Products
Digium Asterisk Digiumphones Prior to 10.12.3-digiumphones
Digium Asterisk Open Source Prior to 1.8.23.1
Digium Asterisk Open Source Prior to 10.12.3
Digium Asterisk Open Source Prior to 11.5.1
Digium Certified Asterisk Prior to 1.8.15-cert3
Digium Certified Asterisk Prior to 11.2-cert2
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://downloads.asterisk.org/pub/security/AST-2013-005.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-03-01 | 14.564 | Sig Added |
| ID | 36981 |
| Created | Sep 26, 2013 |
| Updated | Nov 03, 2020 |
| Risk |
|
| CVE ID | CVE-2013-5642 |
| Exploit Prediction Score | 37.28% |
| Default Action | drop |
| Active | |
| Affected OS | Linux, BSD |
| Affected App | Other |