Vulnerability Details CVE-2012-2948
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.8%
CVSS Severity
CVSS v2 Score 4.0
References
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html
- http://downloads.asterisk.org/pub/security/AST-2012-008.html
- http://secunia.com/advisories/49303
- http://www.debian.org/security/2012/dsa-2493
- http://www.securityfocus.com/bid/53723
- http://www.securitytracker.com/id?1027103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75937
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html
- http://downloads.asterisk.org/pub/security/AST-2012-008.html
- http://secunia.com/advisories/49303
- http://www.debian.org/security/2012/dsa-2493
- http://www.securityfocus.com/bid/53723
- http://www.securitytracker.com/id?1027103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75937
Products affected by CVE-2012-2948
-
cpe:2.3:a:asterisk:certified_asterisk:1.8.11
-
cpe:2.3:a:asterisk:open_source:1.8.0
-
cpe:2.3:a:asterisk:open_source:1.8.1
-
cpe:2.3:a:asterisk:open_source:1.8.10.0
-
cpe:2.3:a:asterisk:open_source:1.8.11.0
-
cpe:2.3:a:asterisk:open_source:1.8.12
-
cpe:2.3:a:asterisk:open_source:1.8.12.0
-
cpe:2.3:a:asterisk:open_source:1.8.2
-
cpe:2.3:a:asterisk:open_source:1.8.3
-
cpe:2.3:a:asterisk:open_source:1.8.5
-
cpe:2.3:a:asterisk:open_source:1.8.5.0
-
cpe:2.3:a:asterisk:open_source:1.8.6.0
-
cpe:2.3:a:asterisk:open_source:1.8.7.0
-
cpe:2.3:a:asterisk:open_source:1.8.8.0
-
cpe:2.3:a:asterisk:open_source:1.8.9.0
-
cpe:2.3:a:asterisk:open_source:10.0.0
-
cpe:2.3:a:asterisk:open_source:10.1.0
-
cpe:2.3:a:asterisk:open_source:10.2.0
-
cpe:2.3:a:asterisk:open_source:10.3
-
cpe:2.3:a:asterisk:open_source:10.3.0
-
cpe:2.3:a:asterisk:open_source:10.4.0
-
cpe:2.3:a:sangoma:asterisk:1.6.1
-
cpe:2.3:a:sangoma:asterisk:1.6.1.4
-
cpe:2.3:a:sangoma:asterisk:1.6.1.8