Condorlab

Asterisk – Denial of Service


Advisory IDRSN-SIP-1565


Vulnerability Information
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.xbefore 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and otherproducts, allows remote attackers to cause a denial of service (bufferoverflow and application crash) via a SIP packet with a crafted CSeqheader in conjunction with a Via header that lacks a branch parameter.


Release Date
2017-06-02 00:00:00


Solutions
RedShift Networks UCTM solution provides the industry’s first complete security solution developed for securing VOIP networks, endpoints and applications. Its dedicated CONDOR labs research team constantly scouts for new attack patterns, advanced penetration testing methods, vulnerabilities identification and roll out of new signatures to subscribed customers on a constant basis. For more information, visit www.redshiftnetworks.com


External Resources
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9372