vulnerability
Ubuntu: (CVE-2021-26717): asterisk vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Feb 18, 2021 | Jun 26, 2025 | Jun 26, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Feb 18, 2021
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
Solution
no-fix-ubuntu-package
References
- CVE-2021-26717
- https://attackerkb.com/topics/CVE-2021-26717
- URL-http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html
- URL-http://seclists.org/fulldisclosure/2021/Feb/58
- URL-https://downloads.asterisk.org/pub/security/
- URL-https://downloads.asterisk.org/pub/security/AST-2021-002.html
- URL-https://issues.asterisk.org/jira/browse/ASTERISK-29203
- URL-https://www.cve.org/CVERecord?id=CVE-2021-26717
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.