4 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

asterisk allows calls on prohibited networks asterisk, permite llamadas sobre redes prohibidas • http://downloads.asterisk.org/pub/security/AST-2009-007.html https://access.redhat.com/security/cve/cve-2009-3723 https://security-tracker.debian.org/tracker/CVE-2009-3723 • CWE-863: Incorrect Authorization •

CVSS: 9.0EPSS: 1%CPEs: 117EXPL: 0

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. Vulnerabilidad de lista negra incompleta en main/manager.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-8.1.11 antes de cert6, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 permite a usuarios remotos autenticados ejecutar comandos de su elección aprovechándose de los privilegios de origen y proporcionando un valor ExternalIVR en una acción IAM Originate. • http://downloads.asterisk.org/pub/security/AST-2012-012.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.debian.org/security/2012/dsa-2550 http://www.securitytracker.com/id?1027460 •

CVSS: 4.0EPSS: 96%CPEs: 72EXPL: 0

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, permite a usuarios autenticados remotamente provocar una denegación de servicio (eliminar la referencia del puntero NULL y caída demonio) por el cierre de una conexión en el modo de descuelgue. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html http://downloads.asterisk.org/pub/security/AST-2012-008.html http://secunia.com/advisories/49303 http://www.debian.org/security/2012/dsa-2493 http://www.securityfocus.com/bid/53723 http://www.securitytracker.com/id?1027103 https://exchange.xforce.ibmcloud.com/vulnerabilities/75937 • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 5%CPEs: 192EXPL: 0

The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. La implementación del protocolo IAX2 en Asterisk Open Source v1.2.x antes de v1.2.35, v1.4.x antes de v1.4.26.2, v1.6.0.x antes de v1.6.0.15, v1.6.1.x antes de v1.6.1.x; Business Edition vB.x.x antes de que vB.2.5.10, vC.2.x antes vC.2.4.3 y vC.3.x antes de C.3.1.1; y S800i v1.3.x antes de v1.3.0.3 permite a atacantes remotos causar una denegación de servicio iniciando muchos intercambios de mensajes IAX2. Se trata de una aunto relacionado con la CVE-2008-3263. • http://downloads.asterisk.org/pub/security/AST-2009-006.html http://secunia.com/advisories/36593 http://securitytracker.com/id?1022819 http://www.securityfocus.com/archive/1/506257/100/0/threaded http://www.securityfocus.com/bid/36275 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •