CVE-2017-17090
HIGH
Certified Asterisk < 13.13 - Denial of Service via SCCP Request Flood
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-17090. PoCs published by Juan Sacco.
AI-analyzed exploit summary
This exploit targets a memory exhaustion vulnerability in Asterisk by sending a crafted SCCP packet, leading to a denial of service (DoS) condition. The PoC continuously sends the malicious packet to the target, causing the system to run out of memory.
Description
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H