Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Digium Certified Asterisk 安全漏洞
Vulnerability Description
Digium Certified Asterisk是美国Digium公司的一套开源的电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Sangoma Technologies Asterisk和Sangoma Technologies Certified Asterisk中的channels/chan_sip.c文件存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。以下产品及版本受到影响:Sangoma Technologies Asterisk 13.x版本,16
CVSS Information
N/A
Vulnerability Type
N/A