2 matches found
CVE-2022-26499
CVE-2022-26499 describes an SSRF vulnerability in Asterisk up to 19.x. When STIR/SHAKEN is used, an attacker can craft requests via the Identity header to interfaces such as localhost, enabling arbitrary GET-like requests. The issue is fixed in Asterisk releases 16.25.2, 18.11.2, and 19.3.2. This...
Asterisk Multiple Vulnerabilities (AST-2022-001, AST-2022-002)
Asterisk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if description...