Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-2288
HistoryApr 18, 2014 - 10:14 p.m.

CVE-2014-2288

2014-04-1822:14:38
CWE-20
[email protected]
web.nvd.nist.gov
33
asterisk
pjsip
channel driver
denial of service
nvd
cve-2014-2288

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency “is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,” allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

Affected configurations

NVD
Node
digiumasteriskMatch12.0.0
OR
digiumasteriskMatch12.1.0-
OR
digiumasteriskMatch12.1.0rc1
OR
digiumasteriskMatch12.1.0rc2
OR
digiumasteriskMatch12.1.0rc3

Related

ubuntucve 1
cvelist 1
nvd 1
nessus 5
prion 1
debiancve 1
securityvulns 2
freebsd 1
openvas 1
gentoo 1
ubuntucve
ubuntucve
CVE-2014-2288
2014-04-18 00:00:00
cvelist
cvelist
CVE-2014-2288
2014-04-18 19:00:00
nvd
nvd
CVE-2014-2288
2014-04-18 22:14:38
nessus
nessus
Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)
2014-03-14 00:00:00
FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)
2014-03-12 00:00:00
Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)
2014-03-22 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-04-18 22:14:00
debiancve
debiancve
CVE-2014-2288
2014-04-18 22:14:38
securityvulns
securityvulns
AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver
2014-03-13 00:00:00
Asterisk multiple security vulnerabilities
2014-03-13 00:00:00
freebsd
freebsd
asterisk -- multiple vulnerabilities
2014-03-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201405-05
2015-09-29 00:00:00
gentoo
gentoo
Asterisk: Denial of service
2014-05-03 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON
Related for CVE-2014-2288
ubuntucve1cvelist1nvd1nessus5prion1debiancve1securityvulns2freebsd1openvas1gentoo1