Asterisk Security Vulnerabilities and Issues — Asterisk CVE List

Lucene search

DigiumAsterisk

9 matches found

CVE•added 2014/11/24 3:59 p.m.•121 views

CVE-2014-8418

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol,...

9CVSS6.3AI score0.00993EPSS

CVE•added 2014/11/26 3:59 p.m.•74 views

CVE-2014-6610

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax di...

4CVSS3.7AI score0.01176EPSS

CVE•added 2014/11/24 3:59 p.m.•64 views

CVE-2014-8412

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to by...

5CVSS6.4AI score0.00339EPSS

CVE•added 2014/11/24 3:59 p.m.•59 views

CVE-2014-8417

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary syst...

6.5CVSS7.2AI score0.00693EPSS

CVE•added 2014/11/24 3:59 p.m.•57 views

CVE-2014-8415

Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringin...

5CVSS6.8AI score0.00703EPSS

CVE•added 2014/11/26 3:59 p.m.•53 views

CVE-2014-6609

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

4CVSS6.3AI score0.00614EPSS

CVE•added 2014/11/24 3:59 p.m.•50 views

CVE-2014-8414

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from ...

5CVSS6.5AI score0.01474EPSS

CVE•added 2014/11/24 3:59 p.m.•43 views

CVE-2014-8413

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.

7.5CVSS6.8AI score0.00254EPSS

CVE•added 2014/11/24 3:59 p.m.•39 views

CVE-2014-8416

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel t...

5CVSS6.8AI score0.00824EPSS