Vulnerability details: VCID-p3b1-tnc7-aaar
Vulnerability ID VCID-p3b1-tnc7-aaar
Aliases CVE-2018-12227
Summary An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual Low http://downloads.asterisk.org/pub/security/AST-2018-008.html
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12227.html
epss 0.01216 https://api.first.org/data/v1/epss?cve=CVE-2018-12227
epss 0.01263 https://api.first.org/data/v1/epss?cve=CVE-2018-12227
epss 0.01874 https://api.first.org/data/v1/epss?cve=CVE-2018-12227
epss 0.02957 https://api.first.org/data/v1/epss?cve=CVE-2018-12227
epss 0.05905 https://api.first.org/data/v1/epss?cve=CVE-2018-12227
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
generic_textual Low https://issues.asterisk.org/jira/browse/ASTERISK-27818
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2018-12227
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-12227
Reference id Reference type URL
http://downloads.asterisk.org/pub/security/AST-2018-008.html
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12227.html
https://api.first.org/data/v1/epss?cve=CVE-2018-12227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
https://issues.asterisk.org/jira/browse/ASTERISK-27818
https://security.gentoo.org/glsa/201811-11
https://www.debian.org/security/2018/dsa-4320
http://www.securityfocus.com/bid/104455
902954 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2018-12227 https://nvd.nist.gov/vuln/detail/CVE-2018-12227
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-12227
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-12227
Exploit Prediction Scoring System (EPSS)
Percentile 0.77947
EPSS Score 0.01216
Published At May 13, 2025, 12:55 p.m.