2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2021-26712" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2021-02-18T21:15:11.447" ,
"lastModified" : "2021-02-24T17:14:49.470" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
} ,
{
"lang" : "es" ,
"value" : "Los controles de acceso incorrectos en el archivo res_srtp.c en Sangoma Asterisk versiones 13.38.1, 16.16.0, 17.9.1 y 18.2.0 y Certified Asterisk 16.8-cert5, permite a un atacante remoto no autenticado finalizar prematuramente llamadas seguras al reproducir paquetes SRTP"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P" ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "PARTIAL" ,
"baseScore" : 5.0
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-Other"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "13.0.0" ,
"versionEndIncluding" : "13.38.2" ,
"matchCriteriaId" : "DA727A7F-D350-450F-BF24-9E6D45FA6930"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.0.0" ,
"versionEndExcluding" : "16.16.1" ,
"matchCriteriaId" : "7382B641-0396-456F-BF33-3F6412E35F2D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "17.0.0" ,
"versionEndExcluding" : "17.9.2" ,
"matchCriteriaId" : "C5BA8606-ADA9-4841-A7E2-A9165138849A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "18.0" ,
"versionEndExcluding" : "18.2.1" ,
"matchCriteriaId" : "F10CB148-DF9C-4134-A417-3B111C036E20"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "81C3E390-8B99-4EB8-82DD-02893611209A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "17DB2297-1908-4F87-8046-2BAA74569D71"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*" ,
"matchCriteriaId" : "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*" ,
"matchCriteriaId" : "32F19F43-C1E8-4B6C-9356-AF355B7320BD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*" ,
"matchCriteriaId" : "21D1FA32-B441-485F-8AE9-F3A394626909"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*" ,
"matchCriteriaId" : "F7795CCF-B160-4B4F-9529-1192C11D7FDB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*" ,
"matchCriteriaId" : "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*" ,
"matchCriteriaId" : "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "142F1F89-49AC-4A0B-A273-61F697063A5A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*" ,
"matchCriteriaId" : "53041795-788C-4914-A2F6-41539ABE0244"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*" ,
"matchCriteriaId" : "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*" ,
"matchCriteriaId" : "769C854C-03CD-40A9-B39B-C0CDCA8252EA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*" ,
"matchCriteriaId" : "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "http://seclists.org/fulldisclosure/2021/Feb/59" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://downloads.asterisk.org/pub/security/" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://downloads.asterisk.org/pub/security/AST-2021-003.html" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-29260" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking" ,
"Patch" ,
"Vendor Advisory"
]
}
]
}
