Skip to main content

CVE-2022-42705: n/a in n/a

Medium
VulnerabilityCVE-2022-42705cvecve-2022-42705n-acwe-416
Published: Mon Dec 05 2022 (12/05/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.

AI-Powered Analysis

AILast updated: 06/24/2025, 04:10:31 UTC

Technical Analysis

CVE-2022-42705 is a use-after-free vulnerability identified in the res_pjsip_pubsub.c module of the Sangoma Asterisk telephony software, specifically affecting versions 16.28, 18.14, 19.6, and certified/18.9-cert2. Asterisk is an open-source framework widely used for building communications applications such as IP PBX systems, VoIP gateways, and conference servers. The vulnerability arises when a remote authenticated attacker performs concurrent activities on a subscription via a reliable transport while Asterisk is simultaneously processing activity on the same subscription. This race condition leads to a use-after-free scenario, where the software attempts to access memory that has already been freed, resulting in a crash of the Asterisk service and causing a denial of service (DoS). The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector metrics specify that the attack can be launched remotely over the network (AV:N) with low attack complexity (AC:L), requires privileges (PR:L) but no user interaction (UI:N), and impacts availability only (A:H) without affecting confidentiality or integrity. No known exploits are currently reported in the wild, and no official patches or vendor advisories are linked in the provided data. The vulnerability is categorized under CWE-416 (Use After Free), a common memory corruption issue that can lead to crashes or potentially more severe exploitation if combined with other vulnerabilities. Given the nature of the flaw, exploitation requires authenticated access, implying that attackers must have valid credentials or compromised accounts to trigger the condition. The vulnerability specifically targets the subscription handling mechanism within the PJSIP module, which manages SIP (Session Initiation Protocol) subscriptions and notifications, a core component in VoIP communications handled by Asterisk.

Potential Impact

For European organizations relying on Sangoma Asterisk for their telephony infrastructure, this vulnerability poses a risk primarily of service disruption. The denial of service condition can interrupt voice communications, impacting business operations, customer service, and internal communications. Organizations in sectors with high dependency on VoIP systems—such as telecommunications providers, call centers, financial institutions, and public sector entities—may experience operational downtime, leading to financial losses and reputational damage. Although the vulnerability does not directly compromise confidentiality or integrity, the resulting service outages could indirectly affect business continuity and emergency communication capabilities. The requirement for authenticated access limits the attack surface to insiders or attackers who have already breached perimeter defenses or obtained valid credentials, but this does not eliminate risk, especially in environments with weak authentication controls or exposed management interfaces. Additionally, the vulnerability could be leveraged as part of a multi-stage attack to distract or degrade defenses during more sophisticated intrusion attempts. Given the critical role of Asterisk in many European organizations' telephony infrastructure, even a medium-severity DoS can have significant operational impact.

Mitigation Recommendations

Organizations should immediately audit their Asterisk deployments to identify affected versions (16.28, 18.14, 19.6, certified/18.9-cert2). Although no official patches are referenced in the provided data, it is critical to monitor Sangoma's official channels for updates or security advisories addressing this issue. In the interim, practical mitigations include restricting access to Asterisk management and SIP interfaces to trusted networks and users only, employing strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise, and implementing network segmentation to isolate telephony infrastructure from general IT networks. Monitoring and logging subscription-related activities can help detect anomalous or concurrent subscription manipulations indicative of exploitation attempts. Rate limiting SIP subscription requests and employing intrusion detection/prevention systems (IDS/IPS) with SIP protocol awareness can further reduce attack likelihood. Regularly reviewing and rotating credentials, disabling unused services or modules, and applying the principle of least privilege to user accounts with access to Asterisk systems are also recommended. Finally, organizations should prepare incident response plans specifically for telephony outages to minimize operational disruption if exploitation occurs.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-10-10T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9840c4522896dcbf129b

Added to database: 5/21/2025, 9:09:20 AM

Last enriched: 6/24/2025, 4:10:31 AM

Last updated: 8/1/2025, 9:06:54 AM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats