CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 97.9%
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities:
A buffer overflow exists in the handling of SIP SDP headers and H.264 video. Note: this only affects versions earlier than 11.2.2. (CVE-2013-2685)
A denial of service exists in the handling of HTTP POST requests with very large 'Content-Length' header values. (CVE-2013-2686)
An information disclosure exists in the INVITE, SUBSCRIBE and REGISTER transactions and improper settings for the configuration options. (CVE-2013-2264)
Binary data 6750.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2264
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2685
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686
downloads.asterisk.org/pub/security/AST-2013-001.html
downloads.asterisk.org/pub/security/AST-2013-002.html
downloads.asterisk.org/pub/security/AST-2013-003.html
issues.asterisk.org/jira/browse/ASTERISK-20901
issues.asterisk.org/jira/browse/ASTERISK-20967
issues.asterisk.org/jira/browse/ASTERISK-21013