Denial of Service Vulnerability in ConfBridge in Asterisk 11.x and Certified Asterisk 11.6

CVE-2014-8414 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
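To triage an inventory against the affected ranges stated above, the following added example (not part of the original advisory or of the Asterisk project) classifies version strings. It assumes the strings look like `asterisk -V` output; the function names and the sample inventory are hypothetical and constructed for illustration.

```python
import re

# Fixed releases taken from the advisory text for CVE-2014-8414.
FIXED_OPEN_SOURCE = (11, 14, 1)  # Asterisk 11.x before 11.14.1 is affected
FIXED_CERT = 8                   # Certified Asterisk 11.6 before 11.6-cert8

_CERT_RE = re.compile(r"\b11\.6-cert(\d+)", re.I)
_VER_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?")
_PRE_RE = re.compile(r"-(rc|beta)\d*", re.I)


def is_affected(version_string):
    """True if in an affected range, False if not, None if unparseable."""
    s = version_string.strip()
    m = _CERT_RE.search(s)
    if m:
        return int(m.group(1)) < FIXED_CERT
    if "cert" in s.lower():
        return False  # other certified branches are not named in the advisory
    m = _VER_RE.search(s)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if version[0] != 11:
        return False  # the advisory lists only the 11.x branch
    if version == FIXED_OPEN_SOURCE and _PRE_RE.search(s):
        return True   # assumption: a pre-release of the fix is treated as unfixed
    return version < FIXED_OPEN_SOURCE


def triage(inventory):
    """Return sorted host names needing an upgrade or a manual look."""
    return sorted(h for h, v in inventory.items() if is_affected(v) is not False)


# Constructed sample inventory: host name -> reported version string.
SAMPLE = {
    "pbx-a": "Asterisk 11.13.0",
    "pbx-b": "Asterisk 11.14.1",
    "pbx-c": "Asterisk certified/11.6-cert7",
    "pbx-d": "Asterisk certified/11.6-cert8",
    "pbx-e": "Asterisk 13.0.0",
    "pbx-f": "version unknown",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts whose version cannot be parsed are kept in the result so they get checked by hand rather than silently passed.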
