Lucene search
GoogleOSV:CVE-2019-18790HistoryNov 22, 2019 - 5:15 p.m.
CVE-2019-18790
2019-11-2217:15:11
Google
osv.dev
4
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer’s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer’s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
Related
alpinelinux
alpinelinux
CVE-2019-18790
2019-11-22 17:15:11
cvelist
cvelist
CVE-2019-18790
2019-11-22 16:22:55
symantec
symantec
Multiple Asterisk Products CVE-2019-18790 Authorization Bypass Vulnerability
2019-11-21 00:00:00
veracode
veracode
Access Restriction Bypass
2022-04-05 08:10:17
ubuntucve
ubuntucve
CVE-2019-18790
2019-11-22 00:00:00
prion
prion
Authentication flaw
2019-11-22 17:15:00
nvd
nvd
CVE-2019-18790
2019-11-22 17:15:11
CVE-2019-18351
2021-03-05 02:15:12
cve
cve
CVE-2019-18790
2019-11-22 17:15:11
CVE-2019-18351
2021-03-05 02:15:12
nessus
nessus
debiancve
debiancve
CVE-2019-18790
2019-11-22 17:15:11
freebsd
freebsd
asterisk -- SIP request can change address of a SIP peer
2019-10-17 00:00:00
redhatcve
redhatcve
CVE-2019-18351
2022-05-20 22:45:58
openvas
openvas
Asterisk Multiple Vulnerabilities (AST-2019-006, AST-2019-007)
2019-11-22 00:00:00
Debian: Security Advisory (DLA-2017-1)
2019-12-01 00:00:00
Debian: Security Advisory (DLA-2969-1)
2022-04-04 00:00:00
osv
osv
asterisk - security update
2019-11-30 00:00:00
asterisk - security update
2022-04-03 00:00:00
debian
debian
[SECURITY] [DLA 2017-1] asterisk security update
2019-11-30 20:56:56
[SECURITY] [DLA 2969-1] asterisk security update
2022-04-03 05:56:53