CVE-2017-17090

Published Dec 2, 2017

Last updated 5 years ago

CVSS high 7.5

Overview

Description: An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-459

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF0E7AD0-0B51-47BC-8746-CAC7C63F8AE8",
            "versionEndIncluding": "13.13"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA00E078-97B8-4C2D-BD07-DB2A25908303",
            "versionEndIncluding": "13.8.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BE71990-160B-413F-AB66-C29C7C1CC82F",
            "versionEndIncluding": "14.7.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D39329BD-4A6B-48DB-AFDB-DC58154CBDD8",
            "versionEndIncluding": "15.1.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References