
Asterisk Project Security Advisory - AST-2017-005

Posted: Sun May 06, 2018 6:07 pm
by thephaseusa
If this has already been covered in a previous thread, please let me know.

Here is the potential concern: RTP streams could be hijacked and VoIP calls eavesdropped on. It seems Asterisk has put out patches for versions from 11 up to 14. Here is Asterisk’s advisory:

http://seclists.org/fulldisclosure/2017/Aug/43

I just checked my Asterisk dialer. It is set to nat=force_rport,comedia and my carrier config has nat=no. But I did recently go from public-facing servers to servers behind NAT, and I was concerned I might be using nat=yes.

This issue is almost a year old. Is it something that should concern ViciBox/VICIdial users?

Thanks,
John M