A security issue has been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused due to missing checks of IP addresses when processing database-based registrations ("realtime"). This can be exploited to authenticate as a legitimate user without a password.
Successful exploitation requires that host-based authentication is used and that the attacker has knowledge of a valid username.
The security issue affects the following products and versions:
* Asterisk Open Source 1.2.x prior to 1.2.26
* Asterisk Open Source 1.4.x prior to 1.4.16
* Asterisk Business Edition B.x.x prior to B.2.3.6
* Asterisk Business Edition C.x.x prior to C.1.0-beta8
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org