CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8.2 High (Confidence: High)
EPSS: 0.63 Medium (Percentile: 97.9%)

Package : asterisk
Version : 1:1.8.13.1~dfsg1-3+deb7u5
CVE ID : CVE-2014-2287 CVE-2016-7551
Debian Bug : 838832 741313
Two security vulnerabilities were discovered in Asterisk, an Open
Source PBX and telephony toolkit.
CVE-2014-2287
channels/chan_sip.c in Asterisk, when chan_sip has a certain
configuration, allows remote authenticated users to cause a denial
of service (channel and file descriptor consumption) via an INVITE
request with a (1) Session-Expires or (2) Min-SE header with a
malformed or invalid value.
CVE-2016-7551
The overlap dialing feature in chan_sip allows chan_sip to report
to a device that the number that has been dialed is incomplete and
more digits are required. If this functionality is used with a
device that has performed username/password authentication, RTP
resources are leaked. This occurs because the code fails to release
the old RTP resources before allocating new ones in this scenario.
If all resources are used then RTP port exhaustion will occur and
no RTP sessions are able to be set up.
For Debian 7 "Wheezy", these problems have been fixed in version
1:1.8.13.1~dfsg1-3+deb7u5.
We recommend that you upgrade your asterisk packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
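
For CVE-2014-2287, the following added example (not part of the advisory or of Asterisk) shows a check that a SIP proxy or log pipeline in front of an unpatched chan_sip could run on INVITE requests. The advisory does not say which values trigger the bug, so the check assumes the RFC 4028 grammar (a decimal interval, optional ";" parameters, compact form "x", 90-second floor) and flags anything outside it; the function name and sample messages are constructed.

```python
import re

# Header names per RFC 4028; "x" is the compact form of Session-Expires.
TIMER_HEADERS = {"session-expires": "Session-Expires", "x": "Session-Expires",
                 "min-se": "Min-SE"}
MIN_INTERVAL = 90  # assumed floor in seconds, taken from RFC 4028
DELTA_SECONDS = re.compile(r"^[0-9]{1,10}$")


def check_invite(raw: str) -> list[str]:
    """Return findings for session-timer headers in one raw SIP request."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    # Unfold continuation lines (a header value wrapped onto an indented line).
    head = re.sub(r"\n[ \t]+", " ", head)
    lines = head.split("\n")
    if not lines[0].upper().startswith("INVITE "):
        return []
    findings = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        header = TIMER_HEADERS.get(name.strip().lower())
        if not sep or header is None:
            continue
        # The interval is the token before any ";param" (e.g. ";refresher=uac").
        interval = value.split(";", 1)[0].strip()
        if not DELTA_SECONDS.match(interval):
            findings.append(f"{header}: non-numeric interval {interval!r}")
        elif int(interval) < MIN_INTERVAL:
            findings.append(f"{header}: interval {interval} below {MIN_INTERVAL}s")
    return findings


# Constructed sample requests (not captured traffic).
GOOD = ("INVITE sip:100@pbx.example SIP/2.0\r\n"
        "Session-Expires: 1800;refresher=uac\r\nMin-SE: 90\r\n\r\n")
BAD = ("INVITE sip:100@pbx.example SIP/2.0\r\n"
       "x: abc\r\nMin-SE: 10\r\n\r\n")

if __name__ == "__main__":
    for label, msg in (("good", GOOD), ("bad", BAD)):
        print(label, check_invite(msg))
```

A filter like this is a stopgap for hosts that cannot yet be upgraded; the fix for both issues is the package version named above.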