CVE-2018-12227

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://downloads.asterisk.org/pub/security/AST-2018-008.html	Vendor Advisory
http://www.securityfocus.com/bid/104455	Third Party Advisory VDB Entry
https://issues.asterisk.org/jira/browse/ASTERISK-27818	Patch Vendor Advisory
https://security.gentoo.org/glsa/201811-11	Third Party Advisory
https://www.debian.org/security/2018/dsa-4320	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:digium:asterisk::::::::
	cpe:2.3:a:digium:asterisk::::::::
	cpe:2.3:a:digium:asterisk::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:digium:certified_asterisk:13.18:cert1::::::
	cpe:2.3:a:digium:certified_asterisk:13.18:cert2::::::
	cpe:2.3:a:digium:certified_asterisk:13.18:cert3::::::
	cpe:2.3:a:digium:certified_asterisk:13.21:cert1::::::

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-12 04:29

Updated : 2024-02-04 19:46

NVD link : CVE-2018-12227

Mitre link : CVE-2018-12227

CVE.ORG link : CVE-2018-12227

JSON object : View

Products Affected

digium

certified_asterisk
asterisk

debian

debian_linux

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2018-12227", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-06-12T04:29:00.220", "references": [{"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/104455", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201811-11", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4320", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."}, {"lang": "es", "value": "Se ha descubierto un problema en Asterisk Open Source en versiones 13.x anteriores a la 13.21.1; versiones 14.x anteriores a la 14.7.7 y las versiones 15.x anteriores a la 15.4.1, as\u00ed como Certified Asterisk en versiones 13.18-cert anteriores a la 13.18-cert4 y 13.21-cert anteriores a la 13.21-cert2. Cuando las reglas de lista de control de acceso (ACL) espec\u00edficas del endpoint bloquean una petici\u00f3n SIP, responden con un mensaje de error 403 prohibido. Sin embargo, si no se identifica un endpoint, se env\u00eda una respuesta 401 no autorizada. Esta vulnerabilidad s\u00f3lo revela qu\u00e9 peticiones llegan a un endpoint definido. Las reglas de lista de control de acceso (ACL) no pueden omitirse para obtener acceso a los endpoints revelados."}], "lastModified": "2019-03-29T16:22:30.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85FB9D68-8BEE-40F5-8175-DC62C0EAFE8F", "versionEndExcluding": "13.21.1", "versionStartIncluding": "13.0.0"}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33B74E57-BD3C-4C54-A27C-F32DEF133390", "versionEndExcluding": "14.7.7", "versionStartExcluding": "14.0.0"}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41536B2F-2D75-406D-95CC-64889838F0B1", "versionEndExcluding": "15.4.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77"}, {"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B"}, {"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B0FC294-F910-491B-9DEF-9FFEACA208C7"}, {"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}