CVE-2023-49786 : Asterisk is an open source private branch exchange and telephony toolkit. In Ast

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

Published 2023-12-14 20:15:53

Updated 2023-12-29 00:15:50

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-49786

Digium » Asterisk
Versions from including (>=) 19.0.0 and before (<) 20.5.1
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Matching versions
Digium » Asterisk
Versions before (<) 18.20.1
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Matching versions
Digium » Asterisk » Version: 21.0.0
cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 18.9 Update Cert1
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 18.9 Update Cert2
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update RC1
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update Cert1
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert3
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert1
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update Cert3
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 18.9 Update Cert5
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert10
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert9
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 18.9 Update Cert3
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert12
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert7
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update Cert1-rc3
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert5
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update Cert1-rc1
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update RC2
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update Cert2
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert2
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 18.9 Update Cert4
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update Cert1-rc2
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert8
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert11
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert6
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 13.13.0 Update Cert1-rc4
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
Matching versions
Sangoma » Certified Asterisk » Version: 16.8.0 Update Cert4
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-49786

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-49786

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	GitHub, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-49786

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)
CWE-703 Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

Assigned by: security-advisories@github.com (Secondary)

References for CVE-2023-49786

https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

[SECURITY] [DLA 3696-1] asterisk security update

CVEs referencing this url
http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html

Asterisk 20.1.0 Denial Of Service ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05

res_rtp_asterisk.c: Check DTLS packets against ICE candidate list · asterisk/asterisk@d7d7764 · GitHub
Patch
http://www.openwall.com/lists/oss-security/2023/12/15/7

oss-security - [ES2023-01] Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
Exploit;Mailing List
https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq

Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation · Advisory · asterisk/asterisk · GitHub
Exploit;Vendor Advisory
http://seclists.org/fulldisclosure/2023/Dec/24

Full Disclosure: [ES2023-01] Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
Exploit;Mailing List;Third Party Advisory
https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race

File not found · GitHub
Exploit

Jump to

Vulnerability Details : CVE-2023-49786

Products affected by CVE-2023-49786

Exploit prediction scoring system (EPSS) score for CVE-2023-49786

CVSS scores for CVE-2023-49786

CWE ids for CVE-2023-49786

References for CVE-2023-49786