Digium Asterisk 12.1.0

15 matches found

added 2015/04/10 3:0 p.m. | 93 views

CVE-2015-3008

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name ...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.39025

added 2014/04/18 10:14 p.m. | 90 views

CVE-2014-2287

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service ...

CVSS: 3.5 | AI score: 7 | EPSS: 0.22862

added 2014/06/17 2:55 p.m. | 84 views

CVE-2014-4047

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTT...

CVSS: 5 | AI score: 6.5 | EPSS: 0.11713

added 2016/02/22 3:59 p.m. | 82 views

CVE-2016-2316

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of ser...

CVSS: 7.1 | AI score: 5.6 | EPSS: 0.00826

added 2014/11/26 3:59 p.m. | 74 views

CVE-2014-6610

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax di...

CVSS: 4 | AI score: 3.7 | EPSS: 0.01176

added 2014/04/18 10:14 p.m. | 69 views

CVE-2014-2286

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.46214

added 2016/02/22 3:59 p.m. | 67 views

CVE-2016-2232

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correc...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.07852

added 2014/06/17 2:55 p.m. | 63 views

CVE-2014-4046

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.03222

added 2014/12/12 3:59 p.m. | 60 views

CVE-2014-9374

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length f...

CVSS: 5 | AI score: 6.5 | EPSS: 0.49122

added 2014/04/18 10:14 p.m. | 59 views

CVE-2014-2289

res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.

CVSS: 3.5 | AI score: 6.1 | EPSS: 0.17377

added 2014/06/17 2:55 p.m. | 55 views

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.0667

added 2014/04/18 10:14 p.m. | 54 views

CVE-2014-2288

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does no...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.29877

added 2014/11/26 3:59 p.m. | 53 views

CVE-2014-6609

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVSS: 4 | AI score: 6.3 | EPSS: 0.00614

added 2015/02/09 11:59 a.m. | 51 views

CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.

CVSS: 3.5 | AI score: 6.4 | EPSS: 0.17453

added 2014/06/17 2:55 p.m. | 47 views

CVE-2014-4045

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.0711