Asterisk@14.1.1 Security Vulnerabilities and Issues — Asterisk@14.1.1 CVE List

Lucene search

DigiumAsterisk14.1.1

7 matches found

CVE•added 2017/09/02 4:29 p.m.•139 views

CVE-2017-14100

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the Miniv...

9.8CVSS9.5AI score0.34964EPSS

CVE•added 2017/09/02 4:29 p.m.•87 views

CVE-2017-14099

In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "stri...

7.5CVSS8.1AI score0.00368EPSS

CVE•added 2017/10/10 1:30 a.m.•83 views

CVE-2017-14603

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow r...

7.5CVSS7.5AI score0.00747EPSS

CVE•added 2017/04/10 2:59 p.m.•79 views

CVE-2017-7617

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

8.8CVSS8.9AI score0.18441EPSS

CVE•added 2017/09/02 4:29 p.m.•74 views

CVE-2017-14098

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

7.5CVSS7.3AI score0.40123EPSS

CVE•added 2016/12/12 9:59 p.m.•73 views

CVE-2016-9938

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content betwee...

5.3CVSS5.3AI score0.01419EPSS

CVE•added 2016/12/12 9:59 p.m.•43 views

CVE-2016-9937

An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes....

7.5CVSS7.5AI score0.00303EPSS