CVE-2023-49786: Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
First published: Thu Dec 14 2023(Updated: )
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asterisk | <18.20.1 | |
| Asterisk | >=19.0.0<20.5.1 | |
| Asterisk | =21.0.0 | |
| Asterisk | =13.13.0 | |
| Asterisk | =13.13.0-cert1 | |
| Asterisk | =13.13.0-cert1-rc1 | |
| Asterisk | =13.13.0-cert1-rc2 | |
| Asterisk | =13.13.0-cert1-rc3 | |
| Asterisk | =13.13.0-cert1-rc4 | |
| Asterisk | =13.13.0-cert2 | |
| Asterisk | =13.13.0-cert3 | |
| Asterisk | =13.13.0-rc1 | |
| Asterisk | =13.13.0-rc2 | |
| Asterisk | =16.8.0 | |
| Asterisk | =16.8.0-cert1 | |
| Asterisk | =16.8.0-cert10 | |
| Asterisk | =16.8.0-cert11 | |
| Asterisk | =16.8.0-cert12 | |
| Asterisk | =16.8.0-cert2 | |
| Asterisk | =16.8.0-cert3 | |
| Asterisk | =16.8.0-cert4 | |
| Asterisk | =16.8.0-cert5 | |
| Asterisk | =16.8.0-cert6 | |
| Asterisk | =16.8.0-cert7 | |
| Asterisk | =16.8.0-cert8 | |
| Asterisk | =16.8.0-cert9 | |
| Asterisk | =18.9-cert1 | |
| Asterisk | =18.9-cert2 | |
| Asterisk | =18.9-cert3 | |
| Asterisk | =18.9-cert4 | |
| Asterisk | =18.9-cert5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
- https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
- https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
- http://www.openwall.com/lists/oss-security/2023/12/15/7
- http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2023/Dec/24
- https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
Frequently Asked Questions
What is the severity of CVE-2023-49786?
CVE-2023-49786 is classified as a denial of service (DoS) vulnerability due to a race condition.
How do I fix CVE-2023-49786?
To fix CVE-2023-49786, upgrade Asterisk to version 18.20.1, 20.5.1, 21.0.1, or the compatible certified-asterisk version 18.9-cert6 or later.
What versions are affected by CVE-2023-49786?
CVE-2023-49786 affects Asterisk versions prior to 18.20.1, 20.5.1, 21.0.1, and certified-asterisk versions before 18.9-cert6.
What component in Asterisk is impacted by CVE-2023-49786?
CVE-2023-49786 impacts the DTLS handshake phase in Asterisk, leading to a potential DoS condition.
Is CVE-2023-49786 easy to exploit?
Given that it is a denial of service vulnerability resulting from a race condition, exploitation may require specific conditions during the DTLS handshake.
- agent/type
- agent/event
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/title
- agent/references
- agent/author
- agent/description
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/trending
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/digium
- canonical/asterisk
- version/asterisk/19.0.0
- version/asterisk/21.0.0
- vendor/sangoma
- version/asterisk/13.13.0
- version/asterisk/13.13.0-cert1
- version/asterisk/13.13.0-cert1-rc1
- version/asterisk/13.13.0-cert1-rc2
- version/asterisk/13.13.0-cert1-rc3
- version/asterisk/13.13.0-cert1-rc4
- version/asterisk/13.13.0-cert2
- version/asterisk/13.13.0-cert3
- version/asterisk/13.13.0-rc1
- version/asterisk/13.13.0-rc2
- version/asterisk/16.8.0
- version/asterisk/16.8.0-cert1
- version/asterisk/16.8.0-cert10
- version/asterisk/16.8.0-cert11
- version/asterisk/16.8.0-cert12
- version/asterisk/16.8.0-cert2
- version/asterisk/16.8.0-cert3
- version/asterisk/16.8.0-cert4
- version/asterisk/16.8.0-cert5
- version/asterisk/16.8.0-cert6
- version/asterisk/16.8.0-cert7
- version/asterisk/16.8.0-cert8
- version/asterisk/16.8.0-cert9
- version/asterisk/18.9-cert1
- version/asterisk/18.9-cert2
- version/asterisk/18.9-cert3
- version/asterisk/18.9-cert4
- version/asterisk/18.9-cert5