Certified Asterisk Security Vulnerabilities and Issues — Certified Asterisk CVE List

Lucene search

DigiumCertified Asterisk

8 matches found

CVE•added 2019/07/12 8:15 p.m.•344 views

CVE-2019-12827

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

6.5CVSS5.6AI score0.19587EPSS

CVE•added 2019/11/22 5:15 p.m.•158 views

CVE-2019-18790

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls ...

6.5CVSS6.5AI score0.07418EPSS

CVE•added 2021/02/19 8:15 p.m.•127 views

CVE-2021-26713

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. ...

6.5CVSS6.4AI score0.00164EPSS

CVE•added 2018/02/22 12:29 a.m.•86 views

CVE-2018-7286

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and...

6.5CVSS6.4AI score0.5653EPSS

CVE•added 2016/02/22 3:59 p.m.•67 views

CVE-2016-2232

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correc...

6.5CVSS6.2AI score0.07852EPSS

CVE•added 2014/06/17 2:55 p.m.•63 views

CVE-2014-4046

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

6.5CVSS7.1AI score0.03222EPSS

CVE•added 2014/11/24 3:59 p.m.•59 views

CVE-2014-8417

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary syst...

6.5CVSS7.2AI score0.00693EPSS

CVE•added 2012/08/31 2:55 p.m.•56 views

CVE-2012-4737

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certai...

6CVSS6.1AI score0.01504EPSS