CVE-2022-22019 Remote Procedure Call Runtime Remote Code Execution Vulnerability.

In this blog, we will show you how to fix Remote Procedure Call (RPC) vulnerability in Asterisk. Asterisk is an open source application software that can be installed on Linux, Windows, or Mac OS. It is a complete PBX solution that allows users to make and receive voice calls anywhere in the world with the help of telephone numbers.

What is Remote Procedure Call?

In software engineering, the term “remote procedure call” refers to a procedure in which one function calls another function that is located in a different module or process.

How to Fix Remote Procedure Call Vulnerability in Asterisk?

To fix this vulnerability, please create a new line at the top of /etc/asterisk/config.conf with the following code:

[general] autolisten=yes

This will automatically start the server on startup.

How to Fix Remote Procedure Call (RPC) Vulnerability in Asterisk?

To fix the RPC vulnerability in Asterisk, it is necessary to first use chkconfig to stop and disable the rpcbind service. Then, we will need to create a new file called /etc/asterisk/rpc.conf and fill it out with the contents below:

[general]
rpcuser=xxxxx
rpcpassword=xxxxx
rpcclienturl=http://192.168.1.35:5060/asterisk/connect
[/general]

How to check whether Asterisk is vulnerable to RPC?

Asterisk version 1.8.0 onwards has a vulnerability in the RPC framework. If you are using any of these versions, it is recommended that you upgrade to the latest version as soon as possible.

1. Asterisk version 2.6 or later
2. Asterisk version 13 or later
3. Asterisk version 10 or later
4. Asterisk version 8 or later
5. Asterisk versions earlier than 2.6 can be upgraded to 2.6 by following the instructions provided in this blog post

How to Fix Remote Procedure Call in Asterisk?

To fix the RPC vulnerability, you will need to configure your Asterisk server on a Linux or Windows system. The procedure is as follows:

1) Login to your Asterisk server via SSH or telnet
2) Create an empty file called /etc/asterisk/config.local
3) Add these lines to the file:
4) Restart Asterisk for the changes to take effect
5) Test that the vulnerability has been fixed
This blog will continue with more information on how to fix Remote Procedure Call vulnerability in Asterisk.

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/18/2022 20:54:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22019
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22019