Our router is reporting many many malicious events:
I have searched the web and found this:
CVE-2018-12227: This vulnerability is caused by improper handling of SIP requests to target systems configured with endpoint-specific ACL rules. In general, when the endpoint specified in the SIP request does not exist, Asterisk will return a “401 Unauthorized” response. When the endpoint configures an ACL, if the SIP request does not comply with the ACL rule, it will return a “403 Disabled” response. Unauthorized attackers can use this vulnerability to enumerate existing SIP endpoints and obtain sensitive data that can cause other attacks.
Model: UCM6102 V1.5A, Base 18.104.22.168
I checked the release notes for 22.214.171.124 and I do not see this issue addressed
Is this know to other users out there? Is something Grandstream should be fixing?