CVE-2016-7551

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://downloads.asterisk.org/pub/security/AST-2016-007.html	Mitigation Vendor Advisory
http://www.debian.org/security/2016/dsa-3700	Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832	Issue Tracking Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1374733	Issue Tracking Patch
https://issues.asterisk.org/jira/browse/ASTERISK-26272	Issue Tracking Patch Third Party Advisory
http://downloads.asterisk.org/pub/security/AST-2016-007.html	Mitigation Vendor Advisory
http://www.debian.org/security/2016/dsa-3700	Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832	Issue Tracking Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1374733	Issue Tracking Patch
https://issues.asterisk.org/jira/browse/ASTERISK-26272	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:digium:asterisk:11.0.0:::::::*
	cpe:2.3:a:digium:asterisk:11.0.0:beta1::::::
	cpe:2.3:a:digium:asterisk:11.0.0:beta2::::::
	cpe:2.3:a:digium:asterisk:11.0.0:rc1::::::
	cpe:2.3:a:digium:asterisk:11.0.0:rc2::::::
	cpe:2.3:a:digium:asterisk:11.0.1:::::::*
	cpe:2.3:a:digium:asterisk:11.0.2:::::::*
	cpe:2.3:a:digium:asterisk:11.1.0:::::::*
	cpe:2.3:a:digium:asterisk:11.1.0:rc1::::::
	cpe:2.3:a:digium:asterisk:11.1.0:rc3::::::
	cpe:2.3:a:digium:asterisk:11.1.1:::::::*
	cpe:2.3:a:digium:asterisk:11.1.2:::::::*
	cpe:2.3:a:digium:asterisk:11.2.0:::::::*
	cpe:2.3:a:digium:asterisk:11.2.0:rc1::::::
	cpe:2.3:a:digium:asterisk:11.2.0:rc2::::::
	cpe:2.3:a:digium:asterisk:11.2.1:::::::*
	cpe:2.3:a:digium:asterisk:11.2.2:::::::*
	cpe:2.3:a:digium:asterisk:11.3.0:::::::*
	cpe:2.3:a:digium:asterisk:11.4.0:::::::*
	cpe:2.3:a:digium:asterisk:11.5.0:::::::*
	cpe:2.3:a:digium:asterisk:11.5.1:::::::*
	cpe:2.3:a:digium:asterisk:11.6.0:::::::*
	cpe:2.3:a:digium:asterisk:11.6.1:::::::*
	cpe:2.3:a:digium:asterisk:11.7.0:::::::*
	cpe:2.3:a:digium:asterisk:11.8.0:::::::*
	cpe:2.3:a:digium:asterisk:11.8.1:::::::*
	cpe:2.3:a:digium:asterisk:11.9.0:::::::*
	cpe:2.3:a:digium:asterisk:11.10.0:::::::*
	cpe:2.3:a:digium:asterisk:11.10.1:::::::*
	cpe:2.3:a:digium:asterisk:11.10.2:::::::*
	cpe:2.3:a:digium:asterisk:11.11.0:::::::*
	cpe:2.3:a:digium:asterisk:11.12.0:::::::*
	cpe:2.3:a:digium:asterisk:11.12.1:::::::*
	cpe:2.3:a:digium:asterisk:11.13.0:::::::*
	cpe:2.3:a:digium:asterisk:11.13.1:::::::*
	cpe:2.3:a:digium:asterisk:11.14.0:::::::*
	cpe:2.3:a:digium:asterisk:11.14.1:::::::*
	cpe:2.3:a:digium:asterisk:11.14.2:::::::*
	cpe:2.3:a:digium:asterisk:11.15.0:::::::*
	cpe:2.3:a:digium:asterisk:11.15.1:::::::*
	cpe:2.3:a:digium:asterisk:11.16.0:::::::*
	cpe:2.3:a:digium:asterisk:11.17.0:::::::*
	cpe:2.3:a:digium:asterisk:11.17.1:::::::*
	cpe:2.3:a:digium:asterisk:11.18.0:::::::*
	cpe:2.3:a:digium:asterisk:11.19.0:::::::*
	cpe:2.3:a:digium:asterisk:11.20.0:::::::*
	cpe:2.3:a:digium:asterisk:11.21.0:::::::*
	cpe:2.3:a:digium:asterisk:11.21.1:::::::*
	cpe:2.3:a:digium:asterisk:11.21.2:::::::*
	cpe:2.3:a:digium:asterisk:11.22.0:::::::*
	cpe:2.3:a:digium:asterisk:11.22.0:rc1::::::
	cpe:2.3:a:digium:asterisk:11.23.0:::::::*
	cpe:2.3:a:digium:asterisk:11.23.0:rc1::::::
	cpe:2.3:a:digium:asterisk:13.0.0:::::::*
	cpe:2.3:a:digium:asterisk:13.0.0:beta1::::::
	cpe:2.3:a:digium:asterisk:13.0.0:beta2::::::
	cpe:2.3:a:digium:asterisk:13.0.0:beta3::::::
	cpe:2.3:a:digium:asterisk:13.0.1:::::::*
	cpe:2.3:a:digium:asterisk:13.0.2:::::::*
	cpe:2.3:a:digium:asterisk:13.1.0:::::::*
	cpe:2.3:a:digium:asterisk:13.1.1:::::::*
	cpe:2.3:a:digium:asterisk:13.2.0:::::::*
	cpe:2.3:a:digium:asterisk:13.2.1:::::::*
	cpe:2.3:a:digium:asterisk:13.3.0:::::::*
cpe:2.3:a:digium:asterisk:13.3.1:::::::*
cpe:2.3:a:digium:asterisk:13.3.2:::::::*
cpe:2.3:a:digium:asterisk:13.4.0:::::::*
cpe:2.3:a:digium:asterisk:13.5.0:::::::*
cpe:2.3:a:digium:asterisk:13.6.0:::::::*
cpe:2.3:a:digium:asterisk:13.7.0:::::::*
cpe:2.3:a:digium:asterisk:13.7.1:::::::*
cpe:2.3:a:digium:asterisk:13.7.2:::::::*
cpe:2.3:a:digium:asterisk:13.8.0:::::::*
cpe:2.3:a:digium:asterisk:13.8.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.8.1:::::::*
cpe:2.3:a:digium:asterisk:13.8.2:::::::*
cpe:2.3:a:digium:asterisk:13.9.0:::::::*
cpe:2.3:a:digium:asterisk:13.9.1:::::::*
cpe:2.3:a:digium:asterisk:13.10.0:::::::*
cpe:2.3:a:digium:asterisk:13.10.0:rc1::::::
cpe:2.3:a:digium:asterisk:13.11.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:digium:certified_asterisk:11.6:cert1::::::
	cpe:2.3:a:digium:certified_asterisk:11.6:cert1:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1::::::
	cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2::::::
	cpe:2.3:a:digium:certified_asterisk:11.6:cert10:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert11:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert12:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert13:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert14:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert15:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert2::::::
	cpe:2.3:a:digium:certified_asterisk:11.6:cert2:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert3::::::
	cpe:2.3:a:digium:certified_asterisk:11.6:cert3:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert4:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert5:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert6:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert7:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert8:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6:cert9:::lts:::*
	cpe:2.3:a:digium:certified_asterisk:11.6.0::::lts:::
	cpe:2.3:a:digium:certified_asterisk:11.6.0:-::::::
	cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1::::::
	cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2::::::
	cpe:2.3:a:digium:certified_asterisk:13.8:cert1::::::
	cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc1::::::
	cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc2::::::
	cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc3::::::
	cpe:2.3:a:digium:certified_asterisk:13.8:cert2_rc1::::::
	cpe:2.3:a:digium:certified_asterisk:13.8.0:::::::*
	cpe:2.3:a:digium:certified_asterisk:13.8.0:rc1::::::

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:58

Type	Values Removed	Values Added
References	~~() http://downloads.asterisk.org/pub/security/AST-2016-007.html - Mitigation, Vendor Advisory~~	() http://downloads.asterisk.org/pub/security/AST-2016-007.html - Mitigation, Vendor Advisory
References	~~() http://www.debian.org/security/2016/dsa-3700 - Third Party Advisory~~	() http://www.debian.org/security/2016/dsa-3700 - Third Party Advisory
References	~~() https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832 - Issue Tracking, Patch, Third Party Advisory~~	() https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832 - Issue Tracking, Patch, Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=1374733 - Issue Tracking, Patch~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1374733 - Issue Tracking, Patch
References	~~() https://issues.asterisk.org/jira/browse/ASTERISK-26272 - Issue Tracking, Patch, Third Party Advisory~~	() https://issues.asterisk.org/jira/browse/ASTERISK-26272 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2017-04-17 16:59

Updated : 2024-11-21 02:58

NVD link : CVE-2016-7551

Mitre link : CVE-2016-7551

CVE.ORG link : CVE-2016-7551

JSON object : View

Products Affected

debian

debian_linux

digium

asterisk
certified_asterisk

CWE

CWE-399

Resource Management Errors

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2016-7551

7.5^/10

5.0^/10

Attach tags to `CVE-2016-7551`