vulnerability

Ubuntu: (CVE-2017-14603): asterisk vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Oct 10, 2017	Jun 26, 2025	Jul 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 10, 2017

Added

Jun 26, 2025

Modified

Jul 28, 2025

Description

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

Solution

no-fix-ubuntu-package

References

CVE-2017-14603
https://attackerkb.com/topics/CVE-2017-14603
URL-http://downloads.asterisk.org/pub/security/AST-2017-008.html
URL-https://issues.asterisk.org/jira/browse/ASTERISK-27252
URL-https://issues.asterisk.org/jira/browse/ASTERISK-27274
URL-https://www.cve.org/CVERecord?id=CVE-2017-14603

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today