The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Asterisk: denial of service via res_pjsip_session

Summary of the vulnerability

An attacker can trigger a fatal error in the res_pjsip_session module of Asterisk to cause a denial of service.
Impacted products: Asterisk Open Source.
Severity of this bulletin: 2/4.
Creation date: 06/11/2020.
References for this threat: AST-2020-001, CERTFR-2020-AVI-720, CVE-2020-28327, ES2020-02, VIGILANCE-VUL-33843.

Description of the vulnerability 

An attacker can trigger a fatal error in the res_pjsip_session module of Asterisk to cause a denial of service.

This security note affects software or systems such as Asterisk Open Source.

Our Vigil@nce team determined that the severity of this threat is medium.

The trust level is "confirmed by the editor", and the origin of the attack is "intranet client".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this weakness.

Solutions for this threat 

Asterisk: version 18.0.1.
Version 18.0.1 is fixed:
  https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk: version 17.8.1.
Version 17.8.1 is fixed:
  https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk: version 16.14.1.
Version 16.14.1 is fixed:
  https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk: version 13.37.1.
Version 13.37.1 is fixed:
  https://downloads.asterisk.org/pub/telephony/asterisk/releases
