Select Page

Jul 24, 2018

Vulnerability Notification: Asterisk PJSIP Endpoint Presence Disclosure

by

[Overview]

Asterisk is an open source software that implements the Private Branch eXchange (PBX) of telephone, allowing multiple affiliated telephones or user agents to call each other and connect to other telephone services, including the Public Switched Telephone Network (PSTN), via trunks. Recently, Asterisk fixed an information disclosure vulnerability.

[Vulnerability Details]

CVE-2018-12227: This vulnerability is caused by improper handling of SIP requests to target systems configured with endpoint-specific ACL rules. In general, when the endpoint specified in the SIP request does not exist, Asterisk will return a “401 Unauthorized” response. When the endpoint configures an ACL, if the SIP request does not comply with the ACL rule, it will return a “403 Disabled” response. Unauthorized attackers can use this vulnerability to enumerate existing SIP endpoints and obtain sensitive data that can cause other attacks.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227

[Severity]

High

[Affected Versions]

  • Asterisk Asterisk Open Source 13.x prior to 13.21.1
  • Asterisk Asterisk Open Source 14.x prior to 14.7.7
  • Asterisk Asterisk Open Source 15.x prior to 15.4.1
  • Asterisk Certified Asterisk 13.18-cert before 13.18-cert4
  • Asterisk Certified Asterisk 13.21-cert before 13.21-cert2

[Suggestions]

Update the bug fix release provided by Asterisk to eliminate the damage caused by the vulnerability.

Only allow trusted peers to connect to the Asterisk server.

Official statement: http://downloads.asterisk.org/pub/security/AST-2018-008.html

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the IPS signature database version 2.1.246. By deploying any Hillstone Networks solution with the IPS function, the Asterisk PJSIP Endpoint Presence Disclosure vulnerability can be quickly detected and effectively intercepted, preventing the server from being attacked.

 

Threat Events Detected by Hillstone Solutions

 

Vulnerability Detail Description