CVE-2021-26712

Source
https://cve.org/CVERecord?id=CVE-2021-26712
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26712.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-26712
Downstream
Published
2021-02-18T21:15:11.447Z
Modified
2026-07-08T21:26:18.069815Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "13.0.0"
        },
        {
            "last_affected": "13.38.2"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.16.1"
        },
        {
            "introduced": "17.0.0"
        },
        {
            "fixed": "17.9.2"
        },
        {
            "introduced": "18.0"
        },
        {
            "fixed": "18.2.1"
        },
        {
            "introduced": "16.8-NA"
        },
        {
            "last_affected": "16.8-NA"
        },
        {
            "introduced": "16.8-cert1\\-rc1"
        },
        {
            "last_affected": "16.8-cert1\\-rc1"
        },
        {
            "introduced": "16.8-cert1\\-rc2"
        },
        {
            "last_affected": "16.8-cert1\\-rc2"
        },
        {
            "introduced": "16.8-cert1\\-rc3"
        },
        {
            "last_affected": "16.8-cert1\\-rc3"
        },
        {
            "introduced": "16.8-cert1\\-rc4"
        },
        {
            "last_affected": "16.8-cert1\\-rc4"
        },
        {
            "introduced": "16.8-cert2"
        },
        {
            "last_affected": "16.8-cert2"
        },
        {
            "introduced": "16.8-cert3"
        },
        {
            "last_affected": "16.8-cert3"
        },
        {
            "introduced": "16.8-cert4"
        },
        {
            "last_affected": "16.8-cert4"
        },
        {
            "introduced": "16.8-cert4\\-rc1"
        },
        {
            "last_affected": "16.8-cert4\\-rc1"
        },
        {
            "introduced": "16.8-cert4\\-rc2"
        },
        {
            "last_affected": "16.8-cert4\\-rc2"
        },
        {
            "introduced": "16.8-cert4\\-rc3"
        },
        {
            "last_affected": "16.8-cert4\\-rc3"
        },
        {
            "introduced": "16.8-cert4\\-rc4"
        },
        {
            "last_affected": "16.8-cert4\\-rc4"
        },
        {
            "introduced": "16.8-cert5"
        },
        {
            "last_affected": "16.8-cert5"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

16.*
16.8-NA
16.8-cert1\-rc1
16.8-cert1\-rc2
16.8-cert1\-rc3
16.8-cert1\-rc4
16.8-cert2
16.8-cert3
16.8-cert4
16.8-cert4\-rc1
16.8-cert4\-rc2
16.8-cert4\-rc3
16.8-cert4\-rc4
16.8-cert5
16.8.0
certified/16.*
certified/16.8-cert1
certified/16.8-cert1-rc1
certified/16.8-cert1-rc2
certified/16.8-cert1-rc3
certified/16.8-cert1-rc4
certified/16.8-cert1-rc5
certified/16.8-cert2
certified/16.8-cert3
certified/16.8-cert4
certified/16.8-cert4-rc1
certified/16.8-cert4-rc2
certified/16.8-cert4-rc3
certified/16.8-cert4-rc4
certified/16.8-cert5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26712.json"