CVE-2018-7286

MEDIUM

Asterisk 13.x-13.19.1, 14.x<14.7.5, 15.x-15.2.1, Certified Asterisk <13.18 - DoS via SIP INVITE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7286. PoCs published by EnableSecurity.

AI-analyzed exploit summary: This exploit demonstrates a denial-of-service vulnerability in Asterisk's PJSIP channel driver by sending repeated INVITE messages over TLS and abruptly closing the connection, causing a segmentation fault.

Description

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by EnableSecurity · python · dos · linux
https://www.exploit-db.com/exploits/44181

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Asterisk (15.2.0 and earlier, 13.19.0 and earlier, 14.7.5 and earlier) with chan_pjsip
Auth required
Prerequisites: Valid SIP credentials · TLS/TCP connectivity to the target Asterisk server
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4320
Vendor Advisory x_refsource_confirm
https://issues.asterisk.org/jira/browse/ASTERISK-27618
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44181/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040417
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103129

Scores

CVSS v3 6.5
EPSS 0.3950
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (4)
debian/debian_linux 9.0
digium/asterisk 13.19.1
digium/asterisk 14.0.0 - 14.7.5
digium/certified_asterisk < 13.18
Published Feb 22, 2018
Tracked Since Feb 18, 2026