VOIP: Digium Asterisk PJSIP Contact Header Denial of Service

This signature detects attempts to exploit a known vulnerability against Digium Asterisk. A successful attack can result in a denial-of-service condition.

Extended Description

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages creates a dialog in Asterisk, and those messages must contain a Contact header. If one of those messages arrived without the header and the PJSIP channel driver was in use, Asterisk would crash. Enabling authentication somewhat mitigates the severity of this vulnerability: a user would first have to be authorized before reaching the crash point.

Affected Products

Digium Asterisk

Short Name: VOIP:SIP:CVE-2017-17850-DOS
Severity: Major
Recommended: True
Recommended Action: Drop
Category: VOIP
Keywords: Asterisk CVE-2017-17850 Contact Denial Digium Header PJSIP Service of
Release Date: 02/15/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3590
False Positive: Unknown
Vendors

Digium

CVSS Score

5.0
