Sign-up

ID

VAR-201911-0701


CVE

CVE-2019-18790


TITLE

Sangoma Asterisk and Certified Asterisk Vulnerabilities related to lack of authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-012588

DESCRIPTION

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service. Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Minor Exploits Known No Reported On October 17, 2019 Reported By Andrey V. T. Modules Affected channels/chan_sip.c Resolution Using any other option value for “nat” will prevent the attack (such as “nat=no” or “nat=force_rport”), but will need to be tested on an individual basis to ensure that it works for the user’s deployment. On the fixed versions of Asterisk, it will no longer set the address of the peer before authentication is successful when a SIP request comes in. Affected Versions Product Release Series Asterisk Open Source 13.x All releases Asterisk Open Source 16.x All releases Asterisk Open Source 17.x All releases Certified Asterisk 13.21 All releases Corrected In Product Release Asterisk Open Source 13.29.2 Asterisk Open Source 16.6.2 Asterisk Open Source 17.0.1 Certified Asterisk 13.21-cert5 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16 http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17 http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified Asterisk 13.21-cert5 Links https://issues.asterisk.org/jira/browse/ASTERISK-28589 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2019-006.pdf and http://downloads.digium.com/pub/security/AST-2019-006.html Revision History Date Editor Revisions Made October 22, 2019 Ben Ford Initial Revision November 14, 2019 Ben Ford Corrected and updated fields for versioning, and added CVE November 21, 2019 Ben Ford Added “Posted On” date Asterisk Project Security Advisory - AST-2019-006 Copyright © 2019 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form

Trust: 2.25

sources: NVD: CVE-2019-18790 // JVNDB: JVNDB-2019-012588 // CNVD: CNVD-2020-03059 // PACKETSTORM: 155434

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03059

AFFECTED PRODUCTS

vendor:digiummodel:asteriskscope:ltversion:13.29.2

Trust: 1.0

vendor:digiummodel:certified asteriskscope:eqversion:13.21.0

Trust: 1.0

vendor:digiummodel:asteriskscope:gteversion:16.0.0

Trust: 1.0

vendor:digiummodel:asteriskscope:ltversion:16.6.2

Trust: 1.0

vendor:digiummodel:asteriskscope:gteversion:17.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:digiummodel:asteriskscope:gteversion:13.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:digiummodel:asteriskscope:ltversion:17.0.1

Trust: 1.0

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:digiummodel:asteriskscope:eqversion:13.x

Trust: 0.8

vendor:digiummodel:asteriskscope:eqversion:16.x

Trust: 0.8

vendor:digiummodel:asteriskscope:eqversion:17.x

Trust: 0.8

vendor:digiummodel:certified asteriskscope:eqversion:13.21

Trust: 0.8

vendor:sangomamodel:asteriskscope:lteversion:<=13.*

Trust: 0.6

vendor:sangomamodel:asteriskscope:lteversion:<=16.*

Trust: 0.6

vendor:sangomamodel:asteriskscope:lteversion:<=17.*

Trust: 0.6

vendor:sangomamodel:certified asteriskscope:eqversion:13.21

Trust: 0.6

sources: CNVD: CNVD-2020-03059 // JVNDB: JVNDB-2019-012588 // NVD: CVE-2019-18790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18790
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18790
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-03059
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-1291
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18790
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03059
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18790
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2019-18790
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03059 // JVNDB: JVNDB-2019-012588 // CNNVD: CNNVD-201911-1291 // NVD: CVE-2019-18790

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.8

sources: JVNDB: JVNDB-2019-012588 // NVD: CVE-2019-18790

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1291

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-1291

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012588

PATCH
title:AST-2019-006url:http://downloads.asterisk.org/pub/security/AST-2019-006.html
Trust: 0.8
title:Security Advisoriesurl:https://www.asterisk.org/downloads/security-advisories
Trust: 0.8
title:[SECURITY] [DLA 2017-1] asterisk security updateurl:https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html
Trust: 0.8
title:Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/196959
Trust: 0.6
title:Sangoma Technologies Asterisk  and Sangoma Technologies Certified Asterisk Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103433
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03059 // 
            
            
            
            JVNDB: JVNDB-2019-012588 // 
            
            
            
            CNNVD: CNNVD-201911-1291

EXTERNAL IDS
db:NVDid:CVE-2019-18790
Trust: 3.1
db:DLINKid:SAP10005
Trust: 0.8
db:JVNDBid:JVNDB-2019-012588
Trust: 0.8
db:PACKETSTORMid:155434
Trust: 0.7
db:CNVDid:CNVD-2020-03059
Trust: 0.6
db:AUSCERTid:ESB-2019.4526
Trust: 0.6
db:AUSCERTid:ESB-2019.4421
Trust: 0.6
db:CNNVDid:CNNVD-201911-1291
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03059 // 
            
            
            
            JVNDB: JVNDB-2019-012588 // 
            
            
            
            PACKETSTORM: 155434 // 
            
            
            
            CNNVD: CNNVD-201911-1291 // 
            
            
            
            NVD: CVE-2019-18790

REFERENCES
url:https://www.asterisk.org/downloads/security-advisories
Trust: 1.6
url:https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html
Trust: 1.6
url:https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html
Trust: 1.6
url:http://downloads.asterisk.org/pub/security/ast-2019-006.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-18790
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18790
Trust: 0.8
url:https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10005
Trust: 0.8
url:https://seclists.org/fulldisclosure/2019/nov/18
Trust: 0.6
url:http://downloads.asterisk.org/pub/security/ast-2019-008.html
Trust: 0.6
url:http://downloads.asterisk.org/pub/security/ast-2019-007.html
Trust: 0.6
url:https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html   second message url unavailable at time of publishing
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4526/
Trust: 0.6
url:https://vigilance.fr/vulnerability/asterisk-information-disclosure-via-sip-peer-ip-address-change-30935
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4421/
Trust: 0.6
url:https://packetstormsecurity.com/files/155434/asterisk-project-security-advisory-ast-2019-006.html
Trust: 0.6
url:http://downloads.digium.com/pub/security/ast-2019-006.html
Trust: 0.1
url:https://issues.asterisk.org/jira/browse/asterisk-28589
Trust: 0.1
url:http://downloads.asterisk.org/pub/security/ast-2019-006-16.diff
Trust: 0.1
url:http://www.asterisk.org/security
Trust: 0.1
url:http://downloads.asterisk.org/pub/security/ast-2019-006-13.diff
Trust: 0.1
url:http://downloads.asterisk.org/pub/security/ast-2019-006-17.diff
Trust: 0.1
url:http://downloads.asterisk.org/pub/security/ast-2019-006-13.21.diff
Trust: 0.1
url:http://downloads.digium.com/pub/security/ast-2019-006.pdf
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-03059 // 
            
            
            
            JVNDB: JVNDB-2019-012588 // 
            
            
            
            PACKETSTORM: 155434 // 
            
            
            
            CNNVD: CNNVD-201911-1291 // 
            
            
            
            NVD: CVE-2019-18790

CREDITS
bford
Trust: 0.7
sources:
            
            
            PACKETSTORM: 155434 // 
            
            
            
            CNNVD: CNNVD-201911-1291

SOURCES
db:CNVDid:CNVD-2020-03059
db:JVNDBid:JVNDB-2019-012588
db:PACKETSTORMid:155434
db:CNNVDid:CNNVD-201911-1291
db:NVDid:CVE-2019-18790

LAST UPDATE DATE
2024-11-23T21:52:07.567000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03059date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-012588date:2019-12-06T00:00:00
db:CNNVDid:CNNVD-201911-1291date:2022-04-06T00:00:00
db:NVDid:CVE-2019-18790date:2024-11-21T04:33:34.090

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03059date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-012588date:2019-12-06T00:00:00
db:PACKETSTORMid:155434date:2019-11-21T23:02:22
db:CNNVDid:CNNVD-201911-1291date:2019-11-21T00:00:00
db:NVDid:CVE-2019-18790date:2019-11-22T17:15:11.740