Vulnerability details: VCID-f8fs-r198-aaaj
Vulnerability ID VCID-f8fs-r198-aaaj
Aliases CVE-2023-49786
Summary Asterisk is an open source private branch exchange and telephony toolkit. Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, and 18.9-cert6.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
System Score Found at
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00535 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00882 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00913 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.01074 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.01099 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
cvssv3 5.9 https://nvd.nist.gov/vuln/detail/CVE-2023-49786
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2023-49786
Reference id Reference type URL
http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
https://api.first.org/data/v1/epss?cve=CVE-2023-49786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
http://seclists.org/fulldisclosure/2023/Dec/24
https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
http://www.openwall.com/lists/oss-security/2023/12/15/7
1059033 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
CVE-2023-49786 https://nvd.nist.gov/vuln/detail/CVE-2023-49786
GLSA-202412-03 https://security.gentoo.org/glsa/202412-03
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-49786
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): none
Integrity Impact (I): none
Availability Impact (A): high
Exploit Prediction Scoring System (EPSS)
Percentile 0.20648
EPSS Score 0.00065
Published At June 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-01-03T17:14:15.664791+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-49786 34.0.0rc1