113 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-16672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A...

CVSS 5.9 · AI score 6.5 · EPSS 0.04678
Exploits 0 · References 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2018-12227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before...

CVSS 5.3 · AI score 6.2 · EPSS 0.03532
Exploits 0 · References 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-46837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to...

CVSS 6.5 · AI score 6.3 · EPSS 0.0348
Exploits 0 · References 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-32558

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before...

CVSS 7.5 · AI score 7.3 · EPSS 0.0911
Exploits 1 · References 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-13161

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through...

CVSS 5.3 · AI score 5.9 · EPSS 0.04031
Exploits 0 · References 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-47780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cer...

CVSS 7.8 · AI score 5.7 · EPSS 0.00226
Exploits 1 · References 2

OSV
added 2025/05/22 5:15 p.m. · 6 views

DEBIAN-CVE-2025-47780

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface CLI by configuring...

CVSS 7.8 · AI score 5.5 · EPSS 0.00226
Exploits 1 · References 1

Metasploit
added 2024/12/02 6:57 p.m. · 542 views

Asterisk AMI Originate Authenticated RCE

On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. Writing a new extension can be created which performs a system command to...

CVSS 8.8 · AI score 7.7 · EPSS 0.04703
Exploits 4

OSV
added 2024/10/21 1:15 a.m. · 22 views

CVE-2024-49215

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidate is a reservation duplicate of CVE-2023-49294. Notes: All CVE users should reference CVE-2023-49294 instead of this candidate. All references and descriptions in this candidate have been removed t...

AI score 7.7
Exploits 0

Vulnrichment
added 2024/10/21 12:0 a.m. · 20 views

CVE-2024-49215

...

AI score 6.5
Exploits 3

CVE
added 2024/10/21 12:0 a.m. · 76 views

CVE-2024-49215

CVE-2024-49215 is a reservation/duplicate of CVE-2023-49294. The connected documents detail CVE-2023-49294 as an Asterisk vulnerability allowing reading arbitrary files when live_dangerously is not enabled; fixes are present in Asterisk releases such as 18.20.1, 20.5.1, and 21.0.1 (per Nessus/Deb...

AI score 7.1
Exploits 3

Redos
added 2024/09/19 12:0 a.m. · 20 views

ROS-20240918-14

A vulnerability in Asterisk and Certified Asterisk IP telephony management systems is related to errors in sending a SIP request to a URI. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service and shutdown...

CVSS 5.7 · AI score 6.7 · EPSS 0.00553
Exploits 0

BDU FSTEC
added 2024/09/06 12:0 a.m. · 3 views

The vulnerability of Asterisk IP-telephony management systems and Certified Asterisk, related to errors in sending SIP requests to URIs, allows attackers to trigger an emergency termination of the application’s operation.

The vulnerability of Asterisk IP-telephony systems and Certified Asterisk is related to errors in sending SIP requests with URIs. Exploiting this vulnerability can allow a malicious actor to cause service failures and terminate operations remotely...

CVSS 6.8 · AI score 5.4 · EPSS 0.00553
Exploits 0 · References 8 · Affected Software 2

Positive Technologies
added 2024/09/05 12:0 a.m. · 5 views

PT-2024-5928 · Sangoma +2 · Asterisk +3

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 18.24.3, 20.9.3, and 21.4.3 Certified Asterisk versions prior to 18.9-cert12 and 20.7-cert2 Description: The issue is related to errors in sending SIP requests to URIs. If Asterisk attempts to send a SIP request to ...

CVSS 8.8 · AI score 6 · EPSS 0.4557
Exploits 13 · References 59

BDU FSTEC
added 2023/12/19 12:0 a.m. · 5 views

The vulnerability of the PJSIP_HEADER() function in Asterisk IP telephony management systems and Certified Asterisk versions allows attackers to trigger a service failure.

The vulnerability of the PJSIP_HEADER function in Asterisk IP telephony systems and Certified Asterisk is related to the operation of writing data beyond the buffer in memory when processing the update argument. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 7.7 · EPSS 0.01125
Exploits 0 · References 7 · Affected Software 4

OSV
added 2023/12/14 8:15 p.m. · 6 views

DEBIAN-CVE-2023-49294

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary fil...

CVSS 7.5 · AI score 6.8 · EPSS 0.4557
Exploits 3 · References 1

AlpineLinux
added 2023/12/14 7:47 p.m. · 31 views

CVE-2023-49786

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when...

CVSS 7.5 · AI score 6.5 · EPSS 0.05338
Exploits 2

CNNVD
added 2023/12/14 12:0 a.m. · 4 views

Asterisk Path Traversal Vulnerability

Asterisk is a software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. A path traversal vulnerability exists in Asterisk versions prior to 18.20.1, prior to 20.5.1, and prior to 21.0.1, and in Certified-asterisk versions prior to 18.9-cert6, which stem...

CVSS 7.5 · AI score 6.8 · EPSS 0.4557
Exploits 3 · References 6

CNNVD
added 2023/12/14 12:0 a.m. · 5 views

Asterisk Security Vulnerabilities

Asterisk is a software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. A security vulnerability exists in Asterisk versions prior to 18.20.1, prior to 20.5.1, and prior to 21.0.1, and prior to Certified-asterisk 18.9-cert6, which stems from a contentio...

CVSS 7.5 · AI score 6.8 · EPSS 0.05338
Exploits 2 · References 6

SUSE CVE
added 2023/02/15 4:36 a.m. · 6 views

SUSE CVE-2017-17664

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack...

CVSS 5.9 · AI score 6.1 · EPSS 0.32431
Exploits 0 · References 3