CVE-2019-13161 Explained : Impact and Mitigation
Discover the critical vulnerability in Asterisk Open Source versions 13.27.0, 14.x, 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk version 13.21-cert3. Learn how an attacker can exploit the SDP negotiation flaw to crash Asterisk.
A vulnerability has been found in Asterisk Open Source versions 13.27.0, 14.x, 15.x through 15.7.2, and 16.x through 16.4.0, as well as Certified Asterisk version 13.21-cert3. This vulnerability involves a pointer dereference in the chan_sip component during SDP negotiation, leading to a crash in Asterisk when handling specific SDP responses.
Understanding CVE-2019-13161
This CVE identifies a critical vulnerability in Asterisk Open Source and Certified Asterisk versions, impacting the handling of SDP negotiation within the chan_sip module.
What is CVE-2019-13161?
This vulnerability allows an attacker to crash Asterisk by exploiting a pointer dereference issue in the chan_sip component during SDP negotiation. By manipulating specific SDP responses, an attacker can trigger a crash in Asterisk.
The Impact of CVE-2019-13161
The vulnerability can be exploited by an attacker to cause a denial of service (DoS) condition on systems running the affected versions of Asterisk. By sending crafted SDP responses, an attacker can crash the Asterisk service, disrupting communications.
Technical Details of CVE-2019-13161
This section provides detailed technical insights into the vulnerability.
Vulnerability Description
The vulnerability involves a pointer dereference in the chan_sip component of Asterisk during SDP negotiation. It occurs when handling specific SDP responses, leading to a crash in the Asterisk service.
Affected Systems and Versions
- Asterisk Open Source versions 13.27.0, 14.x, 15.x through 15.7.2, and 16.x through 16.4.0
- Certified Asterisk version 13.21-cert3
Exploitation Mechanism
To exploit this vulnerability, an attacker must:
- Cause the chan_sip module to send a T.38 re-invite request.
- Send an SDP response containing a T.38 UDPTL stream and another media stream with only a codec, violating chan_sip configuration.
Mitigation and Prevention
Protecting systems from CVE-2019-13161 requires immediate actions and long-term security practices.
Immediate Steps to Take
- Apply security patches provided by Asterisk to address the vulnerability.
- Monitor network traffic for any suspicious activity that could indicate exploitation attempts.
Long-Term Security Practices
- Regularly update and patch Asterisk installations to mitigate known vulnerabilities.
- Implement network segmentation and access controls to limit the impact of potential attacks.
Patching and Updates
Ensure that all affected systems are updated with the latest patches released by Asterisk to remediate the vulnerability.