CVE-2019-18790 : What You Need to Know

A vulnerability in Sangoma Asterisk versions allows for manipulation of a SIP peer's IP address, potentially leading to call hijacking without requiring authentication details.

Understanding CVE-2019-18790

This CVE involves a security flaw in the handling of SIP requests in Asterisk versions, enabling attackers to change a SIP peer's IP address.

What is CVE-2019-18790?

The vulnerability in channels/chan_sip.c in Sangoma Asterisk versions 13.x, 16.x, and 17.x, as well as Certified Asterisk 13.21, allows for the manipulation of a SIP peer's IP address through a crafted SIP request.

The Impact of CVE-2019-18790

Exploiting this vulnerability can result in calls being hijacked without any authentication details; the attacker only needs to know the peer's name. The vulnerability is exploitable only when the nat option is left at its default or set to auto_force_rport.

Technical Details of CVE-2019-18790

This section provides more in-depth technical insights into the vulnerability.

Vulnerability Description

The flaw in channels/chan_sip.c in the affected Sangoma Asterisk versions lets a specially crafted SIP request alter a SIP peer's IP address.

Affected Systems and Versions

        Sangoma Asterisk versions 13.x before 13.29.2
        Sangoma Asterisk versions 16.x before 16.6.2
        Sangoma Asterisk versions 17.x before 17.0.1
        Certified Asterisk 13.21 before cert5

Exploitation Mechanism

The vulnerability allows attackers to manipulate a SIP peer's IP address without the need for authentication details, potentially leading to call hijacking.

Mitigation and Prevention

Protecting systems from CVE-2019-18790 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update to Sangoma Asterisk versions 13.29.2, 16.6.2, 17.0.1, or Certified Asterisk 13.21 cert5 to mitigate the vulnerability.
        Review and adjust the nat option settings; the flaw is exploitable only when nat is left at its default or set to auto_force_rport.
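To support the nat review step above, here is an added example (not from this page or from the Asterisk project) that lists the peers in a sip.conf whose effective nat setting is the default (no nat line) or includes auto_force_rport. The function name risky_nat_peers and the sample configuration are constructed for illustration, and the inheritance model is a simplifying assumption: a peer takes nat from its own section, then from the templates named in its header, then from [general].

```python
import re

HEADER = re.compile(r"\[([^\]]+)\]\s*(?:\(([^)]*)\))?")

def risky_nat_peers(sip_conf):
    """Return peers whose effective nat is unset (default) or has auto_force_rport."""
    sections, templates, current = {}, set(), None
    for raw in sip_conf.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        head = HEADER.match(line)
        if head:
            name = head.group(1).strip()
            current = sections.setdefault(name, {})
            for base in (head.group(2) or "").split(","):
                base = base.strip()
                if base == "!":
                    templates.add(name)            # template only, not a peer
                elif base in sections:
                    current.update(sections[base])  # inherit from earlier template
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip().lower()
    general_nat = sections.get("general", {}).get("nat")
    risky = []
    for name, opts in sections.items():
        if name in templates or "type" not in opts:
            continue                               # skip templates and non-peer sections
        nat = opts.get("nat", general_nat)
        if nat is None or "auto_force_rport" in re.split(r"[,\s]+", nat):
            risky.append(name)
    return risky

# Constructed sample configuration (not taken from a real deployment).
SAMPLE = """
[general]
udpbindaddr = 0.0.0.0
[phones](!)
type = friend
nat = force_rport,comedia
[alice](phones)
host = dynamic
[bob]
type = friend          ; no nat anywhere: the default applies
[carol](phones)
nat = auto_force_rport,auto_comedia
"""

if __name__ == "__main__":
    print(risky_nat_peers(SAMPLE))
```

Peers reported here still need the upgrade listed above; the audit only shows where the exploitable nat condition is present.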

Long-Term Security Practices

        Regularly monitor and update Asterisk installations to address security vulnerabilities promptly.
        Implement network security measures to prevent unauthorized access to SIP peers.

Patching and Updates

        Apply the latest security patches and updates provided by Sangoma for Asterisk versions to address the vulnerability effectively.
