How severe is CVE-2023-49786?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-49786?

This is classified as CWE-703, which is a common weakness in software security.

CVE-2023-49786

MEDIUM Year: 2023

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-703

View all →

Vulnerability Description

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

CVE-2023-35867

MEDIUM

CVSS:5.9(Medium)

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this ...

CWE-7032023

CVE-2023-51443

MEDIUM

CVSS:5.9(Medium)

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version ...

CWE-7032023

CVE-2024-31883

MEDIUM

CVSS:5.9(Medium)

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-F...

CWE-7032024

CVE-2024-9104

MEDIUM

CVSS:5.6(Medium)

The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated va...

CWE-7032024

CVE-2023-21026

MEDIUM

CVSS:5.5(Medium)

In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of...

CWE-7032023

CVE-2023-21036

MEDIUM

CVSS:5.5(Medium)

In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A

CWE-7032023

CVE-2023-49786

Vulnerability Description

Related Vulnerabilities

CVE-2023-35867

CVE-2023-51443

CVE-2024-31883

CVE-2024-9104

CVE-2023-21026

CVE-2023-21036