PRIOn knowledge basePRION:CVE-2021-31878

HistoryJul 30, 2021 - 2:15 p.m.

Cross site request forgery (csrf)

2021-07-3014:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.

CPENameOperatorVersion
asteriskeq18.3.0
asteriskeq18.4.0
asteriskeq16.17.0
asteriskeq16.18.0
asteriskeq16.19.0
asteriskeq18.5.0

Name	Operator	Version
asterisk	eq	18.3.0
asterisk	eq	18.4.0
asterisk	eq	16.17.0
asterisk	eq	16.18.0
asterisk	eq	16.19.0
asterisk	eq	18.5.0

References

downloads.asterisk.org/pub/security/AST-2021-007.html

packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html

seclists.org/fulldisclosure/2021/Jul/48

downloads.digium.com/pub/security/AST-2021-007.html

issues.asterisk.org/jira/browse/ASTERISK-29381