Vulnerabilities > CVE-2021-26712 - Unspecified vulnerability in Digium Asterisk and Certified Asterisk
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html
- http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html
- http://seclists.org/fulldisclosure/2021/Feb/59
- http://seclists.org/fulldisclosure/2021/Feb/59
- https://downloads.asterisk.org/pub/security/
- https://downloads.asterisk.org/pub/security/
- https://downloads.asterisk.org/pub/security/AST-2021-003.html
- https://downloads.asterisk.org/pub/security/AST-2021-003.html
- https://issues.asterisk.org/jira/browse/ASTERISK-29260
- https://issues.asterisk.org/jira/browse/ASTERISK-29260