Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests
Vulnerability Description
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
认证算法的不正确实现
Vulnerability Title
Asterisk 安全漏洞
Vulnerability Description
Asterisk是一款PBX系统的软件,运行在Linux系统上,支持使用SIP、IAX、H323协议进行IP通话。 Asterisk 18.23.0版本存在安全漏洞,该漏洞源于所有未经授权的SIP请求都会被识别为本地服务器的PJSIP端点。
CVSS Information
N/A
Vulnerability Type
N/A