FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- SIP request can change address of a SIP peer

Affected packages
asterisk13 < 13.29.2
asterisk16 < 16.6.2

Details

VuXML ID a8d94711-0d03-11ea-87ca-001999f8d30b
Discovery 2019-10-17
Entry 2019-11-22

The Asterisk project reports:

A SIP request can be sent to Asterisk that can change a SIP peers IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peers name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.

References

CVE Name CVE-2019-18790
URL https://downloads.asterisk.org/pub/security/AST-2019-006.html