5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.6%
Asterisk is an open source private branch exchange and telephony toolkit.
After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as
PJSIP Endpoint of local asterisk server. This vulnerability is fixed in
18.23.1, 20.8.1, and 21.3.1.
github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
github.com/asterisk/asterisk/pull/600
github.com/asterisk/asterisk/pull/602
github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
launchpad.net/bugs/cve/CVE-2024-35190
nvd.nist.gov/vuln/detail/CVE-2024-35190
security-tracker.debian.org/tracker/CVE-2024-35190
www.cve.org/CVERecord?id=CVE-2024-35190
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.6%