Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2012-2948

Published: 02/06/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Subscribe to Certified Asterisk

Vulnerability Summary

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert prior to 1.8.11-cert2 and Asterisk Open Source 1.8.x prior to 1.8.12.1 and 10.x prior to 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.

Vulnerable Product Search on Vulmon Subscribe to Product

asterisk certified asterisk 1.8.11

asterisk open source

asterisk open source 1.8.12.0

asterisk open source 1.8.10.0

asterisk open source 1.8.9.0

asterisk open source 1.8.8.0

asterisk open source 1.8.7.0

asterisk open source 1.8.6.0

asterisk open source 1.8.2

asterisk open source 1.8.0

asterisk open source 1.8.11.0

asterisk open source 1.8.5

asterisk open source 1.8.3

asterisk open source 1.8.1

asterisk open source 1.8.12

asterisk open source 1.8.5.0

asterisk open source 10.4.0

asterisk open source 10.2.0

asterisk open source 10.0.0

asterisk open source 10.3.0

asterisk open source 10.1.0

asterisk open source 10.3

Vendor Advisories

Debian CVElist Bug Report Logs: asterisk: AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
Debian Bug report logs - #675210 asterisk: AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Tzafrir Cohen <tzafrir@debianorg& ...
Debian CVElist Bug Report Logs: asterisk: AST-2012-007 (CVE-2012-2947): crash on IAX receiving HOLD without MOH class
Debian Bug report logs - #675204 asterisk: AST-2012-007 (CVE-2012-2947): crash on IAX receiving HOLD without MOH class Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Tzafrir Cohen <tzafrir ...
Debian Security Advisories: DSA-2493-1 asterisk -- denial of service
Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit CVE-2012-2947 The IAX2 channel driver allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold (when a certain mohinterpret setting is enabled) CVE-2012-2948 The Skinny channel driver allows remote authenticated users to cau ...

References

CWE-399http://downloads.asterisk.org/pub/security/AST-2012-008.htmlhttp://www.debian.org/security/2012/dsa-2493http://www.securitytracker.com/id?1027103http://www.securityfocus.com/bid/53723http://secunia.com/advisories/49303http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/75937https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675210https://www.debian.org/security/./dsa-2493
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook