Vulnerabilites related to asterisk - asterisk
CVE-2024-42491 (GCVE-0-2024-42491)
Vulnerability from cvelistv5
Published
2024-09-05 17:17
Modified
2025-11-03 22:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:48:24.364960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:52:42.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:04:56.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.24.3"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.9.3"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.4.3"
},
{
"status": "affected",
"version": "\u003c 18.9-cert12"
},
{
"status": "affected",
"version": "\u003e= 19.0, \u003c 20.7-cert2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T17:17:56.961Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9"
},
{
"name": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"
},
{
"name": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742"
},
{
"name": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2"
},
{
"name": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0"
}
],
"source": {
"advisory": "GHSA-v428-g3cw-7hv9",
"discovery": "UNKNOWN"
},
"title": "A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-42491",
"datePublished": "2024-09-05T17:17:56.961Z",
"dateReserved": "2024-08-02T14:13:04.619Z",
"dateUpdated": "2025-11-03T22:04:56.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from cvelistv5
Published
2023-12-14 19:40
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:21.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-8857-hfmw-vg8f",
"discovery": "UNKNOWN"
},
"title": "Asterisk Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49294",
"datePublished": "2023-12-14T19:40:46.157Z",
"dateReserved": "2023-11-24T16:45:24.314Z",
"dateUpdated": "2025-02-13T17:18:40.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49832 (GCVE-0-2025-49832)
Vulnerability from cvelistv5
Published
2025-08-01 17:57
Modified
2025-08-01 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T18:28:56.826749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T18:29:18.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.26.3"
},
{
"status": "affected",
"version": "\u003e= 20.00.0, \u003c 20.15.1"
},
{
"status": "affected",
"version": "\u003e= 21.00.0, \u003c 21.10.1"
},
{
"status": "affected",
"version": "\u003e= 22.00.0, \u003c 22.5.1"
},
{
"status": "affected",
"version": "\u003e= 20.7-cert6, \u003c 20.7-cert7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:57:29.933Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr"
}
],
"source": {
"advisory": "GHSA-mrq5-74j5-f5cr",
"discovery": "UNKNOWN"
},
"title": "Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49832",
"datePublished": "2025-08-01T17:57:29.933Z",
"dateReserved": "2025-06-11T14:33:57.799Z",
"dateUpdated": "2025-08-01T18:29:18.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1131 (GCVE-0-2025-1131)
Vulnerability from cvelistv5
Published
2025-09-23 04:31
Modified
2025-11-03 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.
Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1131",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T03:55:14.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:31:42.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"safe_asterisk /etc/asterisk/startup.d"
],
"platforms": [
"Linux",
"MacOS"
],
"product": "Asterisk",
"programFiles": [
"safe_asterisk"
],
"repo": "https://github.com/asterisk/asterisk",
"vendor": "Asterisk",
"versions": [
{
"status": "affected",
"version": "Asterisk \u003c=18.26.2",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 20.15.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 21.10.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 22.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdul Mhanni"
}
],
"datePublic": "2025-08-01T05:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local privilege escalation vulnerability exists in the \u003ccode\u003esafe_asterisk\u003c/code\u003e script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all \u003ccode\u003e.sh\u003c/code\u003e files located in \u003ccode\u003e/etc/asterisk/startup.d/\u003c/code\u003e \u003cstrong\u003eas root\u003c/strong\u003e, without validating ownership or permissions.\u003c/p\u003e\n\u003cp\u003eNon-root users with legitimate write access to \u003ccode\u003e/etc/asterisk\u003c/code\u003e can exploit this behaviour by placing malicious scripts in the \u003ccode\u003estartup.d\u003c/code\u003e directory, which will then execute with root privileges upon service restart.\u003c/p\u003e"
}
],
"value": "A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.\n\n\nNon-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T04:31:02.784Z",
"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"shortName": "Gridware"
},
"references": [
{
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"assignerShortName": "Gridware",
"cveId": "CVE-2025-1131",
"datePublished": "2025-09-23T04:31:02.784Z",
"dateReserved": "2025-02-08T04:11:43.201Z",
"dateUpdated": "2025-11-03T17:31:42.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54995 (GCVE-0-2025-54995)
Vulnerability from cvelistv5
Published
2025-08-28 15:08
Modified
2025-11-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54995",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:53:35.935192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:54:20.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:15.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.26.4"
},
{
"status": "affected",
"version": "\u003c 18.9-cert17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:08:04.468Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1405",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1405"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1406",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1406"
},
{
"name": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"
},
{
"name": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"
}
],
"source": {
"advisory": "GHSA-557q-795j-wfx2",
"discovery": "UNKNOWN"
},
"title": "Asterisk remotely exploitable leak of RTP UDP ports and internal resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54995",
"datePublished": "2025-08-28T15:08:04.468Z",
"dateReserved": "2025-08-04T17:34:24.420Z",
"dateUpdated": "2025-11-03T17:45:15.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from cvelistv5
Published
2023-12-14 19:47
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:19:55.907894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:20:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:18.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-hxj9-xwr8-w8pq",
"discovery": "UNKNOWN"
},
"title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49786",
"datePublished": "2023-12-14T19:47:46.306Z",
"dateReserved": "2023-11-30T13:39:50.862Z",
"dateUpdated": "2025-02-13T17:18:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3723 (GCVE-0-2009-3723)
Vulnerability from cvelistv5
Published
2019-10-29 12:42
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- calls allowed on prohibited networks in asterisk
Summary
asterisk allows calls on prohibited networks
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "All 1.6.1 versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "asterisk allows calls on prohibited networks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "calls allowed on prohibited networks in asterisk",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T12:42:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "asterisk",
"version": {
"version_data": [
{
"version_value": "All 1.6.1 versions"
}
]
}
}
]
},
"vendor_name": "asterisk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asterisk allows calls on prohibited networks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "calls allowed on prohibited networks in asterisk"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2009-3723",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"name": "https://access.redhat.com/security/cve/cve-2009-3723",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3723",
"datePublished": "2019-10-29T12:42:08",
"dateReserved": "2009-10-16T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57767 (GCVE-0-2025-57767)
Vulnerability from cvelistv5
Published
2025-08-28 15:33
Modified
2025-08-28 17:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-253 - Incorrect Check of Function Return Value
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:12:27.086945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:12:35.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 22.5.2"
},
{
"status": "affected",
"version": "\u003c 21.10.2"
},
{
"status": "affected",
"version": "\u003c 20.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn\u0027t in a previous 401 response\u0027s WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn\u0027t being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253: Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:33:00.087Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1407",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1407"
},
{
"name": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f"
}
],
"source": {
"advisory": "GHSA-64qc-9x89-rx5j",
"discovery": "UNKNOWN"
},
"title": "Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57767",
"datePublished": "2025-08-28T15:33:00.087Z",
"dateReserved": "2025-08-19T15:16:22.917Z",
"dateUpdated": "2025-08-28T17:12:35.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from cvelistv5
Published
2023-12-14 19:43
Modified
2025-02-13 17:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c= 18.20.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c= 20.5.0"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c= 18.9-cert5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:20.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-98rc-4j27-74hh",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37457",
"datePublished": "2023-12-14T19:43:30.945Z",
"dateReserved": "2023-07-06T13:01:36.996Z",
"dateUpdated": "2025-02-13T17:01:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42365 (GCVE-0-2024-42365)
Vulnerability from cvelistv5
Published
2024-08-08 16:29
Modified
2025-11-03 22:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "certified_asterisk",
"vendor": "asterisk",
"versions": [
{
"lessThan": "18.9-cert11",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "20.7-cert2",
"status": "affected",
"version": "19.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"lessThan": "18.24.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "20.9.2",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
},
{
"lessThan": "21.4.2",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42365",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T16:38:45.608389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T15:49:00.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:04:48.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.24.2"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.9.2"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.4.2"
},
{
"status": "affected",
"version": "\u003c 18.9-cert11"
},
{
"status": "affected",
"version": "\u003e= 19.0, \u003c 20.7-cert2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267: Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T16:29:07.436Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44"
},
{
"name": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"
},
{
"name": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"
},
{
"name": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71"
},
{
"name": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993"
},
{
"name": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2"
},
{
"name": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426"
},
{
"name": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426"
}
],
"source": {
"advisory": "GHSA-c4cg-9275-6w44",
"discovery": "UNKNOWN"
},
"title": "Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-42365",
"datePublished": "2024-08-08T16:29:07.436Z",
"dateReserved": "2024-07-30T14:01:33.923Z",
"dateUpdated": "2025-11-03T22:04:48.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47780 (GCVE-0-2025-47780)
Vulnerability from cvelistv5
Published
2025-05-22 16:56
Modified
2025-11-03 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:24:44.875844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:25:09.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:38.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.9-cert14"
},
{
"status": "affected",
"version": "\u003e= 18.10, \u003c 18.26.2"
},
{
"status": "affected",
"version": "\u003e= 20.0, \u003c 20.7-cert5"
},
{
"status": "affected",
"version": "\u003e= 20.8, \u003c 20.14.1"
},
{
"status": "affected",
"version": "\u003e= 21.0, \u003c 21.9.1"
},
{
"status": "affected",
"version": "\u003e= 22.0, \u003c 22.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:56:28.937Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"
}
],
"source": {
"advisory": "GHSA-c7p6-7mvq-8jq2",
"discovery": "UNKNOWN"
},
"title": "cli_permissions.conf: deny option does not work for disallowing shell commands"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47780",
"datePublished": "2025-05-22T16:56:28.937Z",
"dateReserved": "2025-05-09T19:49:35.620Z",
"dateUpdated": "2025-11-03T20:04:38.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47779 (GCVE-0-2025-47779)
Vulnerability from cvelistv5
Published
2025-05-22 16:54
Modified
2025-11-03 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47779",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:25:58.891881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:26:57.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:36.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.9-cert14"
},
{
"status": "affected",
"version": "\u003e= 18.10, \u003c 18.26.2"
},
{
"status": "affected",
"version": "\u003e= 20.0, \u003c 20.7-cert5"
},
{
"status": "affected",
"version": "\u003e= 20.8, \u003c 20.14.1"
},
{
"status": "affected",
"version": "\u003e= 21.0, \u003c 21.9.1"
},
{
"status": "affected",
"version": "\u003e= 22.0, \u003c 22.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-140",
"description": "CWE-140: Improper Neutralization of Delimiters",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-792",
"description": "CWE-792: Incomplete Filtering of One or More Instances of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:54:26.314Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample"
}
],
"source": {
"advisory": "GHSA-2grh-7mhv-fcfw",
"discovery": "UNKNOWN"
},
"title": "Using malformed From header can forge identity with \";\" or NULL in name portion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47779",
"datePublished": "2025-05-22T16:54:26.314Z",
"dateReserved": "2025-05-09T19:49:35.620Z",
"dateUpdated": "2025-11-03T20:04:36.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35190 (GCVE-0-2024-35190)
Vulnerability from cvelistv5
Published
2024-05-17 16:55
Modified
2024-08-02 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:asterisk:asterisk:21.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "21.3.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:asterisk:asterisk:20.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "20.8.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:asterisk:asterisk:18.23.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "18.23.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T19:33:53.154042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:28:38.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"
},
{
"name": "https://github.com/asterisk/asterisk/pull/600",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/pull/600"
},
{
"name": "https://github.com/asterisk/asterisk/pull/602",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/pull/602"
},
{
"name": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "= 21.3.0"
},
{
"status": "affected",
"version": "= 20.8.0"
},
{
"status": "affected",
"version": "= 18.23.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480: Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-17T16:55:41.346Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"
},
{
"name": "https://github.com/asterisk/asterisk/pull/600",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/600"
},
{
"name": "https://github.com/asterisk/asterisk/pull/602",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/602"
},
{
"name": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"
}
],
"source": {
"advisory": "GHSA-qqxj-v78h-hrf9",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027 res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-35190",
"datePublished": "2024-05-17T16:55:41.346Z",
"dateReserved": "2024-05-10T14:24:24.341Z",
"dateUpdated": "2024-08-02T03:07:46.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}