← Back

CVE-2021-26712

nvd nist
Published: Feb 18, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.

Affected (17)

Digium
2 products
Asterisk
Certified Asterisk
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
From 13.0.0 to 13.38.2
Asterisk
From 16.0.0 to 16.16.1
Asterisk
From 17.0.0 to 17.9.2
Asterisk
From 18.0 to 18.2.1
Digium
Certified Asterisk
Version 16.8
Certified Asterisk
Version 16.8 cert1-rc1
Certified Asterisk
Version 16.8 cert1-rc2
Certified Asterisk
Version 16.8 cert1-rc3
Certified Asterisk
Version 16.8 cert1-rc4
Certified Asterisk
Version 16.8 cert2
Certified Asterisk
Version 16.8 cert3
Certified Asterisk
Version 16.8 cert4-rc1
Certified Asterisk
Version 16.8 cert4-rc2
Certified Asterisk
Version 16.8 cert4-rc3
Certified Asterisk
Version 16.8 cert4-rc4
Certified Asterisk
Version 16.8 cert4
Certified Asterisk
Version 16.8 cert5

References (10)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory

Timeline

No history available yet.