Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sangoma vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2021-37706
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not ch...
Teluu Pjsip
Asterisk Certified Asterisk 16.8.0
Asterisk Certified Asterisk
Sangoma Asterisk
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2020-35776
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote malicious user to crash Asterisk by deliberately misusing SIP 181 responses.
Digium Asterisk
5
CVSSv2
CVE-2019-15639
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote malicious user to send a specific RTP packet during a call and cause a crash in a specific scenario.
Digium Asterisk
5
CVSSv2
CVE-2021-26712
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated malicious user to prematurely terminate secure calls by replaying SRTP packets.
Digium Asterisk
Digium Certified Asterisk 16.8
NA
CVE-2023-26566
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote malicious users to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API.
9
CVSSv2
CVE-2019-18610
An issue exists in manager.c in Sangoma Asterisk up to and including 13.x, 16.x, 17.x and Certified Asterisk 13.21 up to and including 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AM...
Digium Certified Asterisk 13.21.0
Digium Asterisk
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4
CVSSv2
CVE-2019-15297
res_pjsip_t38 in Sangoma Asterisk 15.x prior to 15.7.4 and 16.x prior to 16.5.1 allows an malicious user to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
Digium Asterisk
4
CVSSv2
CVE-2021-26713
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk prior to 16.16.1, 17.x prior to 17.9.2, and 18.x prior to 18.2.1 and Certified Asterisk prior to 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold req...
Digium Asterisk
Digium Certified Asterisk 16.8
5
CVSSv2
CVE-2019-18976
An issue exists in res_pjsip_t38.c in Sangoma Asterisk up to and including 13.x and Certified Asterisk up to and including 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. Thi...
Digium Certified Asterisk 13.21
Digium Asterisk
Debian Debian Linux 9.0
4
CVSSv2
CVE-2020-35652
An issue exists in res_pjsip_diversion.c in Sangoma Asterisk prior to 13.38.0, 14.x up to and including 16.x prior to 16.15.0, 17.x prior to 17.9.0, and 18.x prior to 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or w...
Digium Asterisk
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »