Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sangoma certified asterisk vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2022-42706
An issue exists in Sangoma Asterisk up to and including 16.28, 17 and 18 up to and including 18.14, 19 up to and including 19.6, and certified up to and including 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the ...
Sangoma Asterisk
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk
Sangoma Asterisk 20.0.0
7.5
CVSSv3
CVE-2023-49294
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk before 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This al...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk
8.2
CVSSv3
CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can excee...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk
5.9
CVSSv3
CVE-2023-49786
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk before 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS ...
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk 13.13.0
Sangoma Certified Asterisk 16.8.0
Digium Asterisk 21.0.0
Digium Asterisk
6.5
CVSSv3
CVE-2022-42705
A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated malicious user to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that As...
Sangoma Certified Asterisk 18.9
Sangoma Asterisk
Sangoma Asterisk 20.0.0
9.8
CVSSv3
CVE-2022-23608
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multipl...
Teluu Pjsip
Asterisk Certified Asterisk 16.8.0
Asterisk Certified Asterisk
Sangoma Asterisk
Debian Debian Linux 9.0
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2021-37706
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not ch...
Teluu Pjsip
Asterisk Certified Asterisk 16.8.0
Asterisk Certified Asterisk
Sangoma Asterisk
Debian Debian Linux 9.0
Debian Debian Linux 10.0
9.1
CVSSv3
CVE-2022-21723
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potential...
Teluu Pjsip
Asterisk Certified Asterisk 16.8.0
Sangoma Asterisk
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-26712
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated malicious user to prematurely terminate secure calls by replaying SRTP packets.
Digium Certified Asterisk 16.8
Digium Asterisk
6.5
CVSSv3
CVE-2021-26713
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk prior to 16.16.1, 17.x prior to 17.9.2, and 18.x prior to 18.2.1 and Certified Asterisk prior to 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold req...
Digium Certified Asterisk 16.8
Digium Asterisk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »