7.5

CVE-2017-14603

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigiumAsterisk Version13.0.0 SwEditionlts
DigiumAsterisk Version13.0.0 Updatebeta1
DigiumAsterisk Version13.0.0 Updatebeta2
DigiumAsterisk Version13.0.0 Updatebeta3
DigiumAsterisk Version13.0.1
DigiumAsterisk Version13.0.2
DigiumAsterisk Version13.1.0
DigiumAsterisk Version13.1.0 Updaterc1
DigiumAsterisk Version13.1.0 Updaterc2
DigiumAsterisk Version13.1.1
DigiumAsterisk Version13.2.0
DigiumAsterisk Version13.2.0 Updaterc1
DigiumAsterisk Version13.2.1
DigiumAsterisk Version13.3.0 Updaterc1
DigiumAsterisk Version13.3.2
DigiumAsterisk Version13.4.0
DigiumAsterisk Version13.4.0 Updaterc1
DigiumAsterisk Version13.5.0
DigiumAsterisk Version13.5.0 Updaterc1
DigiumAsterisk Version13.6.0 Updaterc1
DigiumAsterisk Version13.7.0 Updaterc1
DigiumAsterisk Version13.7.0 Updaterc2
DigiumAsterisk Version13.7.1
DigiumAsterisk Version13.7.2
DigiumAsterisk Version13.8.0
DigiumAsterisk Version13.8.0 Updaterc1
DigiumAsterisk Version13.8.1
DigiumAsterisk Version13.8.2
DigiumAsterisk Version13.9.0
DigiumAsterisk Version13.9.1
DigiumAsterisk Version13.10.0
DigiumAsterisk Version13.10.0 Updaterc1
DigiumAsterisk Version13.11.0
DigiumAsterisk Version13.11.1
DigiumAsterisk Version13.11.2
DigiumAsterisk Version13.12
DigiumAsterisk Version13.12.0
DigiumAsterisk Version13.12.1
DigiumAsterisk Version13.12.2
DigiumAsterisk Version13.13
DigiumAsterisk Version13.13.0
DigiumAsterisk Version13.13.1
DigiumAsterisk Version13.14.0
DigiumAsterisk Version13.14.0 Updaterc1
DigiumAsterisk Version13.14.0 Updaterc2
DigiumAsterisk Version13.14.1
DigiumAsterisk Version13.15.0
DigiumAsterisk Version13.15.0 Updaterc1
DigiumAsterisk Version13.15.0 Updaterc2
DigiumAsterisk Version13.15.0 Updaterc3
DigiumAsterisk Version13.15.1
DigiumAsterisk Version13.16.0
DigiumAsterisk Version13.16.0 Updaterc1
DigiumAsterisk Version13.16.0 Updaterc2
DigiumAsterisk Version13.17.0
DigiumAsterisk Version13.17.0 Updaterc1
DigiumAsterisk Version14.0
DigiumAsterisk Version14.0.0
DigiumAsterisk Version14.0.0 Updatebeta1
DigiumAsterisk Version14.0.0 Updatebeta2
DigiumAsterisk Version14.0.0 Updaterc1
DigiumAsterisk Version14.0.0 Updaterc2
DigiumAsterisk Version14.0.1
DigiumAsterisk Version14.0.2
DigiumAsterisk Version14.1
DigiumAsterisk Version14.01
DigiumAsterisk Version14.1.0
DigiumAsterisk Version14.1.1
DigiumAsterisk Version14.1.2
DigiumAsterisk Version14.02
DigiumAsterisk Version14.2
DigiumAsterisk Version14.2.0
DigiumAsterisk Version14.2.1
DigiumAsterisk Version14.3.0
DigiumAsterisk Version14.3.0 Updaterc1
DigiumAsterisk Version14.3.0 Updaterc2
DigiumAsterisk Version14.3.1
DigiumAsterisk Version14.4.0
DigiumAsterisk Version14.4.0 Updaterc1
DigiumAsterisk Version14.4.0 Updaterc2
DigiumAsterisk Version14.4.0 Updaterc3
DigiumAsterisk Version14.4.1
DigiumAsterisk Version14.5.0
DigiumAsterisk Version14.5.0 Updaterc1
DigiumAsterisk Version14.5.0 Updaterc2
DigiumAsterisk Version14.6.0
DigiumAsterisk Version14.6.0 Updaterc1
DigiumAsterisk Version11.0.0
DigiumAsterisk Version11.0.0 Updatebeta1
DigiumAsterisk Version11.0.0 Updatebeta2
DigiumAsterisk Version11.0.0 Updaterc1
DigiumAsterisk Version11.0.0 Updaterc2
DigiumAsterisk Version11.0.1
DigiumAsterisk Version11.0.2
DigiumAsterisk Version11.1.0
DigiumAsterisk Version11.1.0 Updaterc1
DigiumAsterisk Version11.1.0 Updaterc2
DigiumAsterisk Version11.1.0 Updaterc3
DigiumAsterisk Version11.1.1
DigiumAsterisk Version11.1.2
DigiumAsterisk Version11.2.0 Updaterc1
DigiumAsterisk Version11.2.1
DigiumAsterisk Version11.2.2
DigiumAsterisk Version11.4.0 Updaterc4
DigiumAsterisk Version11.6.0
DigiumAsterisk Version11.6.0 Updaterc1
DigiumAsterisk Version11.6.0 Updaterc2
DigiumAsterisk Version11.6.1
DigiumAsterisk Version11.7.0
DigiumAsterisk Version11.7.0 Updaterc1
DigiumAsterisk Version11.7.0 Updaterc2
DigiumAsterisk Version11.8.0 Update-
DigiumAsterisk Version11.8.0 Updaterc1
DigiumAsterisk Version11.8.0 Updaterc2
DigiumAsterisk Version11.8.0 Updaterc3
DigiumAsterisk Version11.8.1
DigiumAsterisk Version11.9.0
DigiumAsterisk Version11.9.0 Updaterc1
DigiumAsterisk Version11.9.0 Updaterc2
DigiumAsterisk Version11.9.0 Updaterc3
DigiumAsterisk Version11.10.0
DigiumAsterisk Version11.10.0 Updaterc1
DigiumAsterisk Version11.10.1
DigiumAsterisk Version11.10.1 Updaterc1
DigiumAsterisk Version11.10.2
DigiumAsterisk Version11.11.0
DigiumAsterisk Version11.11.0 Updaterc1
DigiumAsterisk Version11.12.0
DigiumAsterisk Version11.12.0 Updaterc1
DigiumAsterisk Version11.12.1
DigiumAsterisk Version11.13.0
DigiumAsterisk Version11.13.0 Updaterc1
DigiumAsterisk Version11.13.1
DigiumAsterisk Version11.14.0 SwEditionlts
DigiumAsterisk Version11.14.0 Updaterc1
DigiumAsterisk Version11.14.0 Updaterc2
DigiumAsterisk Version11.14.1
DigiumAsterisk Version11.14.2
DigiumAsterisk Version11.15.0 Updaterc1
DigiumAsterisk Version11.15.0 Updaterc2
DigiumAsterisk Version11.15.1
DigiumAsterisk Version11.16.0 Updaterc1
DigiumAsterisk Version11.17.0 Updaterc1
DigiumAsterisk Version11.17.1
DigiumAsterisk Version11.18.0
DigiumAsterisk Version11.18.0 Updaterc1
DigiumAsterisk Version11.19.0 Updaterc1
DigiumAsterisk Version11.20.0 Updaterc1
DigiumAsterisk Version11.21.0 Updaterc1
DigiumAsterisk Version11.21.0 Updaterc2
DigiumAsterisk Version11.21.1
DigiumAsterisk Version11.21.2
DigiumAsterisk Version11.22.0
DigiumAsterisk Version11.22.0 Updaterc1
DigiumAsterisk Version11.23.0
DigiumAsterisk Version11.23.0 Updaterc1
DigiumAsterisk Version11.23.1
DigiumAsterisk Version11.24.0
DigiumAsterisk Version11.24.1
DigiumAsterisk Version11.25.0
DigiumAsterisk Version11.25.1
DigiumCertified Asterisk Version11.6 Updatecert1
DigiumCertified Asterisk Version11.6 Updatecert1_rc1
DigiumCertified Asterisk Version11.6 Updatecert1_rc2
DigiumCertified Asterisk Version11.6 Updatecert10
DigiumCertified Asterisk Version11.6 Updatecert11
DigiumCertified Asterisk Version11.6 Updatecert12
DigiumCertified Asterisk Version11.6 Updatecert13
DigiumCertified Asterisk Version11.6 Updatecert14
DigiumCertified Asterisk Version11.6 Updatecert14_rc1
DigiumCertified Asterisk Version11.6 Updatecert14_rc2
DigiumCertified Asterisk Version11.6 Updatecert15
DigiumCertified Asterisk Version11.6 Updatecert16
DigiumCertified Asterisk Version11.6 Updatecert2
DigiumCertified Asterisk Version11.6 Updatecert3
DigiumCertified Asterisk Version11.6 Updatecert4
DigiumCertified Asterisk Version11.6 Updatecert5
DigiumCertified Asterisk Version11.6 Updatecert6
DigiumCertified Asterisk Version11.6 Updatecert7
DigiumCertified Asterisk Version11.6 Updatecert8
DigiumCertified Asterisk Version11.6 Updatecert9
DigiumCertified Asterisk Version13.13 Updatecert1
DigiumCertified Asterisk Version13.13 Updatecert1_rc1
DigiumCertified Asterisk Version13.13 Updatecert1_rc2
DigiumCertified Asterisk Version13.13 Updatecert1_rc3
DigiumCertified Asterisk Version13.13 Updatecert1_rc4
DigiumCertified Asterisk Version13.13 Updatecert2
DigiumCertified Asterisk Version13.13 Updatecert3
DigiumCertified Asterisk Version13.13 Updatecert4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.723
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://issues.asterisk.org/jira/browse/ASTERISK-27274
Third Party Advisory
Issue Tracking