#VU8063 Session hijacking in Certified Asterisk and Asterisk Open Source - CVE-2017-14099

Cybersecurity Help s.r.o.

Published: 2017-09-01

Vulnerability identifier: #VU8063

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14099

CWE-ID: CWE-384

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Certified Asterisk
Server applications / Conferencing, Collaboration and VoIP solutions
Asterisk Open Source
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor: Digium (Linux Support Services)

Description
The vulnerability allows a remote attacker to hijack the target user's media session.

The weakness exists due to a flaw in the strict RTP support feature. A remote attacker can send specially crafted RTP traffic to provide and receive media from the session.

Mitigation
The vulnerability is addressed in the following versions:
Asterisk Open Source - 11.25.2, 13.17.1, 14.6.1.
Certified Asterisk - 11.6-cert17, 13.13-cert5.

Vulnerable software versions

Certified Asterisk: 11.6.0 - 13.13

Asterisk Open Source: 11.0.0 - 11.21.0, 13.0.0 - 13.15.1, 14.0 - 14.4.1

External links
https://downloads.asterisk.org/pub/security/AST-2017-005.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Session hijacking in asterisk (Alpine package)

Debian update for asterisk

Multiple vulnerability in Digium Asterisk