APP: Digium Asterisk HTTP Management Interface Stack Overflow

This signature detects possible attempts to exploit a known vulnerability in Digium Asterisk. A successful attack can lead to a stack overflow and arbitrary remote code execution within the context of the system.

Extended Description

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.

Affected Products

Digium Asterisk

References

CVE: CVE-2013-2686

Short Name
APP:DIGIUM-ASTERISK-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Asterisk CVE-2012-5976 CVE-2013-2686 Digium HTTP Interface Management Overflow Stack
Release Date
05/29/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
Port
TCP/8088
False Positive
Unknown
Vendors

Digium

CVSS Score

5.0
