Lucene search
HistoryJan 04, 2013 - 3:55 p.m.
CVE-2012-5977
asterisk
open source
denial of service
resource consumption
cve-2012-5977
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.4 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.4%
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
Affected configurations
Node
digiumasteriskRange≤1.8.19.0
ORdigiumasteriskMatch1.8.0
ORdigiumasteriskMatch1.8.0beta1
ORdigiumasteriskMatch1.8.0beta2
ORdigiumasteriskMatch1.8.0beta3
ORdigiumasteriskMatch1.8.0beta4
ORdigiumasteriskMatch1.8.0beta5
ORdigiumasteriskMatch1.8.0rc2
ORdigiumasteriskMatch1.8.0rc3
ORdigiumasteriskMatch1.8.0rc4
ORdigiumasteriskMatch1.8.0rc5
ORdigiumasteriskMatch1.8.1
ORdigiumasteriskMatch1.8.1rc1
ORdigiumasteriskMatch1.8.1.1
ORdigiumasteriskMatch1.8.1.2
ORdigiumasteriskMatch1.8.2
ORdigiumasteriskMatch1.8.2.1
ORdigiumasteriskMatch1.8.2.2
ORdigiumasteriskMatch1.8.2.3
ORdigiumasteriskMatch1.8.2.4
ORdigiumasteriskMatch1.8.3
ORdigiumasteriskMatch1.8.3rc1
ORdigiumasteriskMatch1.8.3rc2
ORdigiumasteriskMatch1.8.3rc3
ORdigiumasteriskMatch1.8.3.1
ORdigiumasteriskMatch1.8.3.2
ORdigiumasteriskMatch1.8.3.3
ORdigiumasteriskMatch1.8.4
ORdigiumasteriskMatch1.8.4rc1
ORdigiumasteriskMatch1.8.4rc2
ORdigiumasteriskMatch1.8.4rc3
ORdigiumasteriskMatch1.8.4.1
ORdigiumasteriskMatch1.8.4.2
ORdigiumasteriskMatch1.8.4.3
ORdigiumasteriskMatch1.8.4.4
ORdigiumasteriskMatch1.8.5
ORdigiumasteriskMatch1.8.5rc1
ORdigiumasteriskMatch1.8.5.0
ORdigiumasteriskMatch1.8.6.0
ORdigiumasteriskMatch1.8.6.0rc1
ORdigiumasteriskMatch1.8.6.0rc2
ORdigiumasteriskMatch1.8.6.0rc3
ORdigiumasteriskMatch1.8.7.0
ORdigiumasteriskMatch1.8.7.0rc1
ORdigiumasteriskMatch1.8.7.0rc2
ORdigiumasteriskMatch1.8.7.1
ORdigiumasteriskMatch1.8.8.0
ORdigiumasteriskMatch1.8.8.0rc1
ORdigiumasteriskMatch1.8.8.0rc2
ORdigiumasteriskMatch1.8.8.0rc3
ORdigiumasteriskMatch1.8.8.0rc4
ORdigiumasteriskMatch1.8.8.0rc5
ORdigiumasteriskMatch1.8.8.1
ORdigiumasteriskMatch1.8.8.2
ORdigiumasteriskMatch1.8.9.0
ORdigiumasteriskMatch1.8.9.0rc1
ORdigiumasteriskMatch1.8.9.0rc2
ORdigiumasteriskMatch1.8.9.0rc3
ORdigiumasteriskMatch1.8.9.1
ORdigiumasteriskMatch1.8.9.2
ORdigiumasteriskMatch1.8.9.3
ORdigiumasteriskMatch1.8.10.0
ORdigiumasteriskMatch1.8.10.0rc1
ORdigiumasteriskMatch1.8.10.0rc2
ORdigiumasteriskMatch1.8.10.0rc3
ORdigiumasteriskMatch1.8.10.0rc4
ORdigiumasteriskMatch1.8.10.1
ORdigiumasteriskMatch1.8.11.0
ORdigiumasteriskMatch1.8.11.0rc2
ORdigiumasteriskMatch1.8.11.0rc3
ORdigiumasteriskMatch1.8.11.1
ORdigiumasteriskMatch1.8.12
ORdigiumasteriskMatch1.8.12.0
ORdigiumasteriskMatch1.8.12.0rc1
ORdigiumasteriskMatch1.8.12.0rc2
ORdigiumasteriskMatch1.8.12.0rc3
ORdigiumasteriskMatch1.8.13.0
ORdigiumasteriskMatch1.8.13.0rc1
ORdigiumasteriskMatch1.8.13.0rc2
ORdigiumasteriskMatch1.8.13.1
ORdigiumasteriskMatch1.8.14.0rc1
ORdigiumasteriskMatch1.8.14.0rc2
ORdigiumasteriskMatch1.8.14.1
ORdigiumasteriskMatch1.8.15.0
ORdigiumasteriskMatch1.8.15.0rc1
ORdigiumasteriskMatch1.8.15.1
ORdigiumasteriskMatch1.8.16.0
ORdigiumasteriskMatch1.8.16.0rc1
ORdigiumasteriskMatch1.8.16.0rc2
ORdigiumasteriskMatch1.8.17.0
ORdigiumasteriskMatch1.8.17.0rc1
ORdigiumasteriskMatch1.8.17.0rc2
ORdigiumasteriskMatch1.8.17.0rc3
ORdigiumasteriskMatch1.8.18.0
ORdigiumasteriskMatch1.8.18.0rc1
ORdigiumasteriskMatch1.8.18.1
ORdigiumasteriskMatch1.8.19.0rc1
ORdigiumasteriskMatch1.8.19.0rc3
Node
digiumasteriskMatch10.0.0
ORdigiumasteriskMatch10.0.0beta1
ORdigiumasteriskMatch10.0.0beta2
ORdigiumasteriskMatch10.0.0rc1
ORdigiumasteriskMatch10.0.0rc2
ORdigiumasteriskMatch10.0.0rc3
ORdigiumasteriskMatch10.0.1
ORdigiumasteriskMatch10.1.0
ORdigiumasteriskMatch10.1.0rc1
ORdigiumasteriskMatch10.1.0rc2
ORdigiumasteriskMatch10.1.1
ORdigiumasteriskMatch10.1.2
ORdigiumasteriskMatch10.1.3
ORdigiumasteriskMatch10.2.0
ORdigiumasteriskMatch10.2.0rc1
ORdigiumasteriskMatch10.2.0rc2
ORdigiumasteriskMatch10.2.0rc3
ORdigiumasteriskMatch10.2.0rc4
ORdigiumasteriskMatch10.2.1
ORdigiumasteriskMatch10.3.0
ORdigiumasteriskMatch10.3.0rc2
ORdigiumasteriskMatch10.3.0rc3
ORdigiumasteriskMatch10.3.1
ORdigiumasteriskMatch10.4.0
ORdigiumasteriskMatch10.4.0rc1
ORdigiumasteriskMatch10.4.0rc2
ORdigiumasteriskMatch10.4.0rc3
ORdigiumasteriskMatch10.4.1
ORdigiumasteriskMatch10.4.2
ORdigiumasteriskMatch10.5.0
ORdigiumasteriskMatch10.5.0rc1
ORdigiumasteriskMatch10.5.0rc2
ORdigiumasteriskMatch10.5.1
ORdigiumasteriskMatch10.5.2digiumphones
ORdigiumasteriskMatch10.6.0
ORdigiumasteriskMatch10.6.0digiumphones
ORdigiumasteriskMatch10.6.0rc1
ORdigiumasteriskMatch10.6.0rc2
ORdigiumasteriskMatch10.6.1
ORdigiumasteriskMatch10.6.1digiumphones
ORdigiumasteriskMatch10.7.0
ORdigiumasteriskMatch10.7.0digiumphones
ORdigiumasteriskMatch10.7.0rc1
ORdigiumasteriskMatch10.7.1
ORdigiumasteriskMatch10.8.0
ORdigiumasteriskMatch10.8.0rc1
ORdigiumasteriskMatch10.8.0rc2
ORdigiumasteriskMatch10.9.0
ORdigiumasteriskMatch10.9.0rc1
ORdigiumasteriskMatch10.9.0rc2
ORdigiumasteriskMatch10.9.0rc3
ORdigiumasteriskMatch10.10.0
ORdigiumasteriskMatch10.10.0rc1
ORdigiumasteriskMatch10.10.0rc2
ORdigiumasteriskMatch10.10.1
ORdigiumasteriskMatch10.11.0
ORdigiumasteriskMatch10.11.0rc1
ORdigiumasteriskMatch10.11.0rc3
Node
digiumasteriskMatch11.0.0
ORdigiumasteriskMatch11.0.0beta1
ORdigiumasteriskMatch11.0.0beta2
ORdigiumasteriskMatch11.0.0rc1
ORdigiumasteriskMatch11.0.0rc2
ORdigiumasteriskMatch11.0.1
ORdigiumasteriskMatch11.0.2
ORdigiumasteriskMatch11.1.0
ORdigiumasteriskMatch11.1.0rc1
ORdigiumasteriskMatch11.1.0rc3
ORdigiumasteriskMatch11.1.1
Node
digiumcertified_asteriskMatch1.8.11cert
ORdigiumcertified_asteriskMatch1.8.11cert1
ORdigiumcertified_asteriskMatch1.8.11cert2
ORdigiumcertified_asteriskMatch1.8.11cert3
ORdigiumcertified_asteriskMatch1.8.11cert4
ORdigiumcertified_asteriskMatch1.8.11cert5
ORdigiumcertified_asteriskMatch1.8.11cert6
ORdigiumcertified_asteriskMatch1.8.11cert7
ORdigiumcertified_asteriskMatch1.8.11cert8
ORdigiumcertified_asteriskMatch1.8.11cert9
Node
digiumasteriskMatch10.0.0digiumphones
ORdigiumasteriskMatch10.0.0beta1digiumphones
ORdigiumasteriskMatch10.0.0beta2digiumphones
ORdigiumasteriskMatch10.0.0rc1digiumphones
ORdigiumasteriskMatch10.0.0rc2digiumphones
ORdigiumasteriskMatch10.0.0rc3digiumphones
ORdigiumasteriskMatch10.1.0digiumphones
ORdigiumasteriskMatch10.1.0rc1digiumphones
ORdigiumasteriskMatch10.1.0rc2digiumphones
ORdigiumasteriskMatch10.1.1digiumphones
ORdigiumasteriskMatch10.2.0digiumphones
ORdigiumasteriskMatch10.2.0rc1digiumphones
ORdigiumasteriskMatch10.2.0rc2digiumphones
ORdigiumasteriskMatch10.2.0rc3digiumphones
ORdigiumasteriskMatch10.2.0rc4digiumphones
ORdigiumasteriskMatch10.3.0digiumphones
ORdigiumasteriskMatch10.3.0rc2digiumphones
ORdigiumasteriskMatch10.3.0rc3digiumphones
ORdigiumasteriskMatch10.4.0digiumphones
ORdigiumasteriskMatch10.4.0rc1digiumphones
ORdigiumasteriskMatch10.4.0rc2digiumphones
ORdigiumasteriskMatch10.5.0digiumphones
ORdigiumasteriskMatch10.5.0rc1digiumphones
ORdigiumasteriskMatch10.5.0rc2digiumphones
ORdigiumasteriskMatch10.5.1digiumphones
ORdigiumasteriskMatch10.5.2digiumphones
ORdigiumasteriskMatch10.6.0digiumphones
ORdigiumasteriskMatch10.6.1digiumphones
ORdigiumasteriskMatch10.7.0digiumphones
Related
debiancve
debiancve
CVE-2012-5977
2013-01-04 15:55:02
prion
prion
Design/Logic Flaw
2013-01-04 15:55:00
nvd
nvd
CVE-2012-5977
2013-01-04 15:55:02
cvelist
cvelist
CVE-2012-5977
2013-01-04 15:00:00
securityvulns
securityvulns
AST-2012-015: Denial of Service Through Exploitation of Device State Caching
2013-01-05 00:00:00
Asterisk security vulnerabilities
2013-01-05 00:00:00
ubuntucve
ubuntucve
CVE-2012-5977
2013-01-04 00:00:00
nessus
nessus
Fedora 16 : asterisk-1.8.20.0-1.fc16 (2013-0992)
2013-01-31 00:00:00
Fedora 17 : asterisk-10.12.0-1.fc17 (2013-0994)
2013-01-31 00:00:00
Asterisk Peer Multiple Vulnerabilities (AST-2012-014 / AST-2012-015)
2013-02-21 00:00:00
openvas
openvas
Fedora Update for asterisk FEDORA-2013-1003
2013-01-31 00:00:00
Fedora Update for asterisk FEDORA-2013-0992
2013-01-31 00:00:00
Debian: Security Advisory (DSA-2605-1)
2013-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: asterisk-11.2.0-1.fc18
2013-01-30 00:33:07
[SECURITY] Fedora 17 Update: asterisk-10.12.0-1.fc17
2013-01-30 00:36:44
[SECURITY] Fedora 16 Update: asterisk-1.8.20.0-1.fc16
2013-01-30 00:55:24
debian
debian
[SECURITY] [DSA 2605-2] asterisk regression update
2013-01-19 14:01:19
[SECURITY] [DSA 2605-1] asterisk security update
2013-01-13 20:36:39
freebsd
freebsd
asterisk -- multiple vulnerabilities
2013-01-02 00:00:00
osv
osv
asterisk - several issues
2013-01-19 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2014-01-21 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.4 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.4%
Related for CVE-2012-5977