Incorrect Implementation of Authentication Algorithm

CVE-2024-35190

Medium

5.8/10

Summary

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-303 - Incorrect Implementation of Authentication Algorithm

The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References

Advisory Timeline

Published May 17, 2024

Incorrect Implementation of Authentication Algorithm

CVE-2024-35190

Summary

CWE-303 - Incorrect Implementation of Authentication Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS