CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability.

CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability.

In this blog, we will show you how to fix Remote Procedure Call (RPC) vulnerability in Asterisk. Asterisk is an open source application software that can be installed on Linux, Windows, or Mac OS. It is a complete PBX solution that allows users to make and receive voice calls anywhere in the world with the help of telephone numbers.

What is Remote Procedure Call?

In software engineering, the term “remote procedure call” refers to a procedure in which one function calls another function that is located in a different module or process.

How to fix RPC vulnerability in Asterisk?

Asterisk is an open source application software that can be installed on Linux, Windows, or Mac OS. It is a complete PBX solution that allows users to make and receive voice calls anywhere in the world with the help of telephone numbers.
Exploiters use RPC vulnerability to launch Denial Of Service (DoS) attacks and cause the Asterisk server to stop responding to any incoming calls.
The RPC vulnerability in Asterisk can be easily fixed by updating it. To update your Asterisk server, restart your server and then follow these steps:
1. Log into your server using SSH
2. Run these commands:
3. Run these commands:
4. Update zaptel driver:
5. Restart your phone system

How to Install and Set Up Asterisk

1. The first step is to download and unzip the Asterisk source code. You can follow the instructions on their website (http://www.asterisk.org) to find the latest release or download it from a mirror site. When you have downloaded and uncompressed the source code, change directories into the directory that you just unzipped, and execute:
./configure --enable-g729 --enable-spandsp
This will configure Asterisk for use with GSM voicemail, which you must have installed if you want to use GSM voicemail with your Asterisk installation.
2. Now run: make && make install && /etc/init.d/asterisk restart
3. If you are installing Asterisk on a server, make sure that /var/run/asterisk exists before running the above commands; otherwise, they will fail with an error like "Can't write to 'x'. It may be busy."
4. If you are allowed by your server administrator to add files in /var/log, create a file called "astrxcmd" there with contents of: "/sbin/rescue -f /sbin/rescue -t 5 -e 1".

How to Fix Remote Procedure Call in Asterisk?

1. On the Asterisk server, navigate to /etc/asterisk/rpc.conf
2. Add the following line in the file:
3. Restart Asterisk for changes to take effect

How to detect Remote Procedure Call?

In order to detect Remote Procedure Call, we would need to be able to identify the function that calls. In Asterisk, this is done by the PLUGSTS string in the dialplan.

C:\Program Files\Asterisk\sounds\PLUGSTS

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe