CVE-2018-12227

CVE Database · CVE-2018-12227

CVE-2018-12227

· N/AModified

CVSS v3.1

N/A

EPSS

3.53%

Published

Jun 12, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

Weaknesses (CWE)

CWE-200

Affected Products (8)

digium · asterisk (up to 13.21.1)vulnerable

digium · asterisk (up to 14.7.7)vulnerable

digium · asterisk (up to 15.4.1)vulnerable

digium · certified_asteriskvulnerable