Select Page

[Overview]

Asterisk is an open source software that implements the Private Branch eXchange (PBX) of telephone, allowing multiple affiliated telephones or user agents to call each other and connect to other telephone services, including the Public Switched Telephone Network (PSTN), via trunks. Recently, Asterisk fixed an information disclosure vulnerability.

[Vulnerability Details]

CVE-2018-12227: This vulnerability is caused by improper handling of SIP requests to target systems configured with endpoint-specific ACL rules. In general, when the endpoint specified in the SIP request does not exist, Asterisk will return a “401 Unauthorized” response. When the endpoint configures an ACL, if the SIP request does not comply with the ACL rule, it will return a “403 Disabled” response. Unauthorized attackers can use this vulnerability to enumerate existing SIP endpoints and obtain sensitive data that can cause other attacks.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227

[Severity]

High

[Affected Versions]

  • Asterisk Asterisk Open Source 13.x prior to 13.21.1
  • Asterisk Asterisk Open Source 14.x prior to 14.7.7
  • Asterisk Asterisk Open Source 15.x prior to 15.4.1
  • Asterisk Certified Asterisk 13.18-cert before 13.18-cert4
  • Asterisk Certified Asterisk 13.21-cert before 13.21-cert2

[Suggestions]

Update the bug fix release provided by Asterisk to eliminate the damage caused by the vulnerability.


Only allow trusted peers to connect to the Asterisk server.

Official statement: http://downloads.asterisk.org/pub/security/AST-2018-008.html

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the IPS signature database version 2.1.246. By deploying any Hillstone Networks solution with the IPS function, the Asterisk PJSIP Endpoint Presence Disclosure vulnerability can be quickly detected and effectively intercepted, preventing the server from being attacked.

Threat Events Detected by Hillstone Solutions

Vulnerability Detail Description

Hillstone NGFWs Recognized for 8th Straight Year in Gartner® Magic Quadrant™, Named as a “Visionary”

Hillstone Networks Wins 2021 CybersecAsia Readers’ Choice Award

ZTNA: A Better Way to Control Access, Boost Security

Hillstone sBDS V3.4 Extends Supplementary Detection Capabilities

Kudos to the Hillstone Security Research Team for Being Acknowledge by Microsoft for Vulnerability Discovery

Hillstone Releases iSource, an Extended Detection and Response Platform

Hillstone’s A200W streamlines deployment of cost-effective perimeter solution

Endpoint Detection and Response: Getting from Good to Great

ADC V2.9 delivers traffic and balances links at an unprecedented level