Insufficient RTCP Packet Validation Vulnerability in Asterisk

CVE-2017-14603 · MEDIUM Severity

CVSS vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2, and in Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and, when combined with the "nat" and "symmetric_rtp" options, allow redirecting where Asterisk sends the next RTCP report.
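
As an added illustration (not Asterisk's code and not the actual patch), this is the kind of bounds check RTCP validation involves: each sub-packet's length field, laid out per RFC 3550, must fit inside the bytes actually received, otherwise a parser walks into data left in the buffer by earlier datagrams. The function name and both sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: receive buffer whose first 8 bytes are a new datagram
 * (RR header claiming 8 words = 32 bytes); the rest stands in for leftovers. */
static const uint8_t sample_buf[32] = {
    0x80, 0xC9, 0x00, 0x07, 0x11, 0x22, 0x33, 0x44,
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
};
/* Constructed sample: well-formed compound, empty RR followed by SDES/CNAME. */
static const uint8_t sample_ok[20] = {
    0x80, 0xC9, 0x00, 0x01, 0x11, 0x22, 0x33, 0x44,
    0x81, 0xCA, 0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x01, 0x01, 'a', 0x00,
};

/* Returns the number of sub-packets in a compound RTCP datagram, or -1 if
 * any header is malformed or claims more bytes than were received. */
int rtcp_validate(const uint8_t *buf, size_t received)
{
    size_t pos = 0;
    int count = 0;

    while (pos < received) {
        if (received - pos < 4)            /* fixed header must be present */
            return -1;
        if ((buf[pos] >> 6) != 2)          /* version field must be 2 */
            return -1;
        /* Length field counts 32-bit words minus one, header included. */
        size_t pkt_len = ((((size_t)buf[pos + 2] << 8) | buf[pos + 3]) + 1) * 4;
        if (pkt_len > received - pos)      /* would read past received data */
            return -1;
        if (count == 0 && buf[pos + 1] != 200 && buf[pos + 1] != 201)
            return -1;                     /* compound must start with SR/RR */
        pos += pkt_len;
        count++;
    }
    return count > 0 ? count : -1;
}

int main(void)
{
    printf("8 bytes received:  %d\n", rtcp_validate(sample_buf, 8));
    printf("compound packet:   %d\n", rtcp_validate(sample_ok, sizeof sample_ok));
    return 0;
}
```

The same `sample_buf` passes when the caller reports 32 received bytes and fails when it reports 8, which is why the check has to use the datagram's received size rather than the buffer's capacity.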
