Vulnerability Details : CVE-2019-18790


CVE Name: CVE-2019-18790: Other vulnerability on Digium Certified Asterisk, Digium Asterisk, Debian Debian Linux
Description: An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
Publish date: 2019-11-22T17:15Z
Last Update: 2022-05-13T20:56Z

CVSS Scores & Vulnerability Types


CVSS Score
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Vulnerability Type(s): Other
CWE ID: 862

Products Affected By CVE-2019-18790


#  Vendor  Product             Vulnerable Versions
1  Digium  Certified Asterisk  6
2  Digium  Asterisk            3
3  Debian  Debian Linux        2

Detail of Versions Affected


#   Product Type      Vendor  Product             Version
1   Application       Digium  Certified Asterisk  13.21.0 Cert4
2   Application       Digium  Certified Asterisk  13.21.0 Cert3
3   Application       Digium  Certified Asterisk  13.21.0 Cert2
4   Application       Digium  Certified Asterisk  13.21.0 Cert1
5   Application       Digium  Certified Asterisk  13.21.0 Rc1
6   Application       Digium  Asterisk            *
7   Application       Digium  Asterisk            *
8   Application       Digium  Asterisk            *
9   Application       Digium  Certified Asterisk  13.21.0
10  Operating System  Debian  Debian Linux        8.0
11  Operating System  Debian  Debian Linux        9.0