Certified Asterisk Security Vulnerabilities and Issues — Certified Asterisk CVE List

Lucene search

DigiumCertified Asterisk

10 matches found

CVE•added 2014/11/24 3:59 p.m.•121 views

CVE-2014-8418

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol,...

9CVSS6.3AI score0.00993EPSS

CVE•added 2014/04/18 10:14 p.m.•90 views

CVE-2014-2287

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service ...

3.5CVSS7AI score0.22862EPSS

CVE•added 2014/06/17 2:55 p.m.•84 views

CVE-2014-4047

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTT...

5CVSS6.5AI score0.11713EPSS

CVE•added 2014/11/26 3:59 p.m.•74 views

CVE-2014-6610

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax di...

4CVSS3.7AI score0.01176EPSS

CVE•added 2014/04/18 10:14 p.m.•69 views

CVE-2014-2286

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an...

7.5CVSS7.6AI score0.46214EPSS

CVE•added 2014/11/24 3:59 p.m.•64 views

CVE-2014-8412

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to by...

5CVSS6.4AI score0.00339EPSS

CVE•added 2014/06/17 2:55 p.m.•63 views

CVE-2014-4046

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

6.5CVSS7.1AI score0.03222EPSS

CVE•added 2014/12/12 3:59 p.m.•60 views

CVE-2014-9374

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length f...

5CVSS6.5AI score0.49122EPSS

CVE•added 2014/11/24 3:59 p.m.•59 views

CVE-2014-8417

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary syst...

6.5CVSS7.2AI score0.00693EPSS

CVE•added 2014/11/24 3:59 p.m.•50 views

CVE-2014-8414

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from ...

5CVSS6.5AI score0.01474EPSS