FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- SIP request can change address of a SIP peer

Affected packages
asterisk13 < 13.29.2
asterisk16 < 16.6.2


VuXML ID a8d94711-0d03-11ea-87ca-001999f8d30b
Discovery 2019-10-17
Entry 2019-11-22

The Asterisk project reports:

A SIP request can be sent to Asterisk that can change a SIP peers IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peers name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.


CVE Name CVE-2019-18790