Lucene search

FreeBSD8DD438ED-A338-11ED-B48B-589CFC0F81B0

HistoryDec 01, 2022 - 12:00 a.m.

Asterisk -- multiple vulnerabilities

2022-12-0100:00:00

vuxml.freebsd.org

asterisk

vulnerabilities

remote crash

use after free

h323

res_pjsip_pubsub.c

getconfig

ami action

unix

file access

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

74.4%

JSON

The Asterisk project reports:

AST-2022-007: Remote Crash Vulnerability in H323 channel add on
AST-2022-008: Use after free in res_pjsip_pubsub.c
AST-2022-009: GetConfig AMI Action can read files outside of
Asterisk directory

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchasterisk18< 18.15.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	asterisk18	< 18.15.1	UNKNOWN

References

downloads.asterisk.org/pub/security/AST-2022-007.html

downloads.asterisk.org/pub/security/AST-2022-008.html

downloads.asterisk.org/pub/security/AST-2022-009.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

74.4%

JSON

Related for 8DD438ED-A338-11ED-B48B-589CFC0F81B0