Vulnerabilities > CVE-2014-4048 - Unspecified vulnerability in Digium Asterisk

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
digium
nessus
NVD
Published: 2014-06-17
Updated: 2024-11-21

Summary

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.

Vulnerable Configurations

Part Description Count
Application
Digium
788

Nessus

NASL familyMisc.
NASL idASTERISK_AST_2014_008.NASL
descriptionAccording to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following denial of service vulnerabilities in the PJSIP channel driver : - A flaw exists in the publish / subscribe framework when an attempt to unsubscribe is made when not already subscribed. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-4045) - A flaw exists when handling a SIP transaction timeout which may cause SIP traffic to not be processed. This could allow a remote, authenticated attacker subscribe to a resource in Asterisk and immediately disconnect, resulting in a denial of service. (CVE-2014-4048) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen2020-06-01
modified2020-06-02
plugin id76089
published2014-06-17
reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/76089
titleAsterisk PJSIP Channel Driver Multiple DoS Vulnerabilities (AST-2014-005 / AST-2014-008)

References