Ubuntu.comUB:CVE-2020-28242CVE-2020-28242
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
60.0%
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x
before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified
Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE
and the nonce is changed in each response, Asterisk will continually send
INVITEs in a loop. This causes Asterisk to consume more and more memory
since the transaction will never terminate (even if the call is hung up),
ultimately leading to a restart or shutdown of Asterisk. Outbound
authentication must be configured on the endpoint for this to occur.
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
60.0%