Vulnerability: Asterisk PJSIP Endpoint Presence Disclosure CVE-2018-12227


Our router is reporting many many malicious events:

I have searched the web and found this:

CVE-2018-12227: This vulnerability is caused by improper handling of SIP requests to target systems configured with endpoint-specific ACL rules. In general, when the endpoint specified in the SIP request does not exist, Asterisk will return a “401 Unauthorized” response. When the endpoint configures an ACL, if the SIP request does not comply with the ACL rule, it will return a “403 Disabled” response. Unauthorized attackers can use this vulnerability to enumerate existing SIP endpoints and obtain sensitive data that can cause other attacks.

Model: UCM6102 V1.5A, Base
I checked the release notes for and I do not see this issue addressed

Is this known to other users out there? Is this something Grandstream should be fixing?
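Added example (not part of the original post, and not Grandstream or Asterisk code): a log check built on the 401/403 difference in the CVE description above. It flags sources that draw those responses for many distinct endpoints and lists the names a 403 has already confirmed. The log format, the threshold and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample: "<time> <source-ip> <method> <endpoint> <status>".
# Assumed, simplified format; not Asterisk's or the UCM's own log layout.
SAMPLE = """\
2018-06-20T10:00:01 203.0.113.7 REGISTER 1000 401
2018-06-20T10:00:01 203.0.113.7 REGISTER 1001 403
2018-06-20T10:00:02 203.0.113.7 REGISTER 1002 401
2018-06-20T10:00:02 203.0.113.7 REGISTER 1003 401
2018-06-20T10:00:03 203.0.113.7 REGISTER 1004 403
2018-06-20T10:00:03 203.0.113.7 REGISTER 1005 401
2018-06-20T10:05:10 192.0.2.20 REGISTER 1001 401
2018-06-20T10:05:10 192.0.2.20 REGISTER 1001 200
not a sip record
"""

def parse(text):
    """Yield (source, endpoint, status) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        yield parts[1], parts[3], int(parts[4])

def find_enumeration(text, min_endpoints=5):
    """Return {source: report} for sources probing many distinct endpoints."""
    seen = defaultdict(lambda: defaultdict(set))  # source -> status -> endpoints
    for source, endpoint, status in parse(text):
        seen[source][status].add(endpoint)
    findings = {}
    for source, by_status in seen.items():
        rejected = by_status.get(401, set()) | by_status.get(403, set())
        if len(rejected) < min_endpoints:
            continue  # a phone retrying its own extension stays below this
        findings[source] = {
            "probed": len(rejected),
            # Per the CVE text, a 403 marks an endpoint that exists with an
            # ACL, so these names have already been disclosed to the source.
            "disclosed": sorted(by_status.get(403, set())),
        }
    return findings

if __name__ == "__main__":
    for source, report in find_enumeration(SAMPLE).items():
        print(source, report)
```

The normal challenge-then-authenticate pair from 192.0.2.20 is not flagged because it only ever touches one endpoint.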


There is a notice at to upgrade due to security issue.


Thanks costwisewpg
I will update the firmware
When I read the release notes I was looking for bug fixes, not new features :wink:
The release note says

• PJSIPShowEndpoint – Shows the information of an individual SIP endpoint. Functionally similar to Asterisk’s SIPshowpeer command.
• PJSIPShowEndpoint – Shows the information of all SIP endpoints. Functionally similar to Asterisk’s SIPshowpeer command.

Will the new firmware fix the problem with no further input from me or do I need to adjust some new settings?


This is the latest fw for the UCM6100 series. If you have not updated, update; if you have already updated, you should open a ticket.