CVE-2021-32558
📋 TL;DR
This vulnerability in the Asterisk IAX2 channel driver allows remote attackers to crash the service by sending packets with unsupported media formats. It affects Asterisk 13.x, 16.x, 17.x, 18.x, and Certified Asterisk installations. The crash leads to denial of service, disrupting telephony services.
💻 Affected Systems
- Sangoma Asterisk
- Certified Asterisk
📦 What is this software?
Asterisk by Digium
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage of Asterisk telephony services, disrupting all voice communications and potentially affecting business operations.
Likely Case
Service crashes requiring manual restart, causing temporary telephony service disruption until recovery.
If Mitigated
No impact if patched or workarounds implemented; service continues normal operation.
🎯 Exploit Status
Exploit requires sending specially crafted IAX2 packets to vulnerable Asterisk server on IAX2 port (default 4569). No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Asterisk 13.38.3, 16.19.1, 17.9.4, 18.5.1, Certified Asterisk 16.8-cert10
Vendor Advisory: https://downloads.asterisk.org/pub/security/AST-2021-008.html
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Download the patched version from the official Asterisk repository.
3. Stop the Asterisk service.
4. Install the updated version.
5. Restart the Asterisk service.
6. Verify the service is running and check the version.
🔧 Temporary Workarounds
Disable IAX2 if not needed
Remove or disable the IAX2 protocol if it is not required for your deployment:
Comment out IAX2 configuration in /etc/asterisk/iax.conf
Remove IAX2 module loading in /etc/asterisk/modules.conf
Network filtering
Restrict access to the IAX2 port (UDP 4569) to trusted sources only; the ACCEPT rule must precede the DROP rule, and trusted_ip is a placeholder for your own peers:
iptables -A INPUT -p udp --dport 4569 -s trusted_ip -j ACCEPT
iptables -A INPUT -p udp --dport 4569 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit IAX2 port exposure
- Deploy intrusion detection/prevention systems to detect and block malicious IAX2 packets
🔍 How to Verify
Check if Vulnerable:
Check Asterisk version: asterisk -rx 'core show version' and compare against affected versions. Also verify IAX2 is enabled in configuration.
Check Version:
asterisk -rx 'core show version' | grep 'Asterisk'
Verify Fix Applied:
After patching, run: asterisk -rx 'core show version' to confirm updated version. Test IAX2 functionality remains operational.
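Comparing a running version against the fixed releases by eye is error-prone (string comparison puts 16.9.0 after 16.19.1). The following POSIX shell script is an added example, not part of this advisory or of the Asterisk project; it classifies the first line of `asterisk -rx 'core show version'` against the patch versions listed above. It assumes mainline output begins with "Asterisk <major>.<minor>.<patch>" and that Certified Asterisk reports "Asterisk certified/16.8-cert<N>" (assumed format).

```shell
#!/bin/sh
# Added example (not from the advisory or the Asterisk project): classify an
# Asterisk version string against the fixed releases for CVE-2021-32558.
# Assumes the first line of `asterisk -rx 'core show version'` starts with
# "Asterisk <major>.<minor>.<patch>" for mainline releases and with
# "Asterisk certified/16.8-cert<N>" for Certified Asterisk (assumed format).

# Fixed version for each mainline branch named in the advisory.
fixed_for_branch() {
    case "$1" in
        13) echo 13.38.3 ;;
        16) echo 16.19.1 ;;
        17) echo 17.9.4 ;;
        18) echo 18.5.1 ;;
        *)  echo "" ;;
    esac
}

# version_lt A B: succeed when dotted version A is numerically older than B.
# Compared field by field so that 16.9.0 sorts before 16.19.1; a missing
# field counts as 0.
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s\n' "$1" | awk -F. -v n="$i" '{ print $n + 0 }')
        b=$(printf '%s\n' "$2" | awk -F. -v n="$i" '{ print $n + 0 }')
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# asterisk_version_status "<version line>": prints vulnerable, fixed or
# unknown; exit status 0 = vulnerable, 1 = fixed, 2 = unknown (unparseable
# line or a branch the advisory does not list).
asterisk_version_status() {
    line=$1
    case "$line" in
        "Asterisk certified/16.8-cert"*)
            # Certified Asterisk 16.8 is fixed from cert10 onward.
            n=$(printf '%s\n' "$line" | sed -n 's/^Asterisk certified\/16\.8-cert\([0-9][0-9]*\).*/\1/p')
            [ -n "$n" ] || { echo unknown; return 2; }
            if [ "$n" -lt 10 ]; then echo vulnerable; return 0; fi
            echo fixed; return 1 ;;
    esac
    ver=$(printf '%s\n' "$line" | sed -n 's/^Asterisk \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 2; }
    fixed=$(fixed_for_branch "${ver%%.*}")
    [ -n "$fixed" ] || { echo unknown; return 2; }
    if version_lt "$ver" "$fixed"; then echo vulnerable; return 0; fi
    echo fixed; return 1
}

# Convenience wrapper for the local installation (needs a running Asterisk).
check_local_asterisk() {
    asterisk_version_status "$(asterisk -rx 'core show version' | head -n 1)"
}
```

Run `check_local_asterisk` on the host; a result of "unknown" means the line did not parse or the branch is outside the ones the advisory names, so inspect the output manually. Distribution packages (the Debian DSA in the references, for example) often backport the fix without bumping the upstream version string, so on such systems confirm the fix through the package changelog rather than this check alone.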
📡 Detection & Monitoring
Log Indicators:
- Asterisk crash/restart logs
- IAX2 protocol errors in /var/log/asterisk/full
- Segmentation fault messages
Network Indicators:
- Unusual IAX2 traffic patterns
- Multiple connection attempts to port 4569
- Malformed IAX2 packets
SIEM Query:
source="asterisk.log" AND ("segmentation fault" OR "crash" OR "IAX2 error")
🔗 References
- http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html
- http://seclists.org/fulldisclosure/2021/Jul/49
- https://downloads.asterisk.org/pub/security/AST-2021-008.html
- https://issues.asterisk.org/jira/browse/ASTERISK-29392
- https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html
- https://www.debian.org/security/2021/dsa-4999