VOIP: Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow

A buffer overflow has been reported in the CDR engine of Digium Asterisk. Successful exploitation could result in arbitrary code execution under the context of the user running the Asterisk service.

Extended Description

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

Affected Products

Digium certified_asterisk

References

BugTraq: 101760, 97377

CVE: CVE-2017-16671

Short Name
VOIP:SIP:DIGIUM-ASTERSK-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
VOIP
Keywords
Asterisk Buffer CDR CVE-2017-16671 CVE-2017-7617 Digium Overflow ast_cdr_setuserfield bid:101760 bid:97377
Release Date
05/11/2017
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Digium

CVSS Score

6.5
