CVE-2022-26499
Description
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, its possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.362
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| asterisk security update(DSA-5285-1) asterisk_16.28.0~dfsg-0+deb11u1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234