CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0CVE-2021-26712 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-26712
18 Feb 2021 — Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. Los controles de acceso incorrectos en el archivo res_srtp.c en Sangoma Asterisk versiones 13.38.1, 16.16.0, 17.9.1 y 18.2.0 y Certified Asterisk 16.8-cert5, permite a un atacante remoto no autenticado finalizar prematuramente llamadas seguras al reproducir paquetes SRTP An u... • http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-35776 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2020-35776
18 Feb 2021 — A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. Un desbordamiento del búfer en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones 13.38.1, 16.15.1, 17.9.1 y 18.1.1, permite a un atacante remoto bloquear Asterisk al hacer un uso inapropiado deliberadamente de las respuestas SIP 181 If a registered user is tricked into dialing a malicious number that sen... • http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2021-26906 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-26906
18 Feb 2021 — An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. Se detectó un problema en el archivo res_pjsip_session.c en Digium Asterisk versiones hasta 13.38.1; 14.x, 15.x y 16.xa 16.16.0;&... • http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-26717 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-26717
18 Feb 2021 — An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash. Se detectó un problema en Sangoma Asterisk versiones 16.x anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versione... • http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-35652
https://notcve.org/view.php?id=CVE-2020-35652
29 Jan 2021 — An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. Se detectó un problema en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones anteriores a 13.38.0, versiones 14.x hasta 16.x versiones anteriores a ... • https://downloads.asterisk.org/pub/security/AST-2020-003.html •
CVSS: 9.0EPSS: 43%CPEs: 11EXPL: 0CVE-2019-18610 – Asterisk Project Security Advisory - AST-2019-007
https://notcve.org/view.php?id=CVE-2019-18610
21 Nov 2019 — An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Se detectó un problema en el archivo manager.c en Sangoma Asterisk versiones hasta 13.x, 16.x, 17.x y Certified Asterisk versiones 13.21 hasta 13.21-cert4. Un usuario de Asterisk Manager Interface (AM... • http://downloads.asterisk.org/pub/security/AST-2019-007.html • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 7%CPEs: 11EXPL: 0CVE-2019-18790 – Asterisk Project Security Advisory - AST-2019-006
https://notcve.org/view.php?id=CVE-2019-18790
21 Nov 2019 — An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option i... • http://downloads.asterisk.org/pub/security/AST-2019-006.html • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 1%CPEs: 144EXPL: 0CVE-2012-4737 – Debian Security Advisory 2550-2
https://notcve.org/view.php?id=CVE-2012-4737
30 Aug 2012 — channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v... • http://downloads.asterisk.org/pub/security/AST-2012-013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 195EXPL: 0CVE-2011-2535 – Debian Security Advisory 2276-2
https://notcve.org/view.php?id=CVE-2011-2535
06 Jul 2011 — chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v... • http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 198EXPL: 0CVE-2011-2536 – Gentoo Linux Security Advisory 201110-21
https://notcve.org/view.php?id=CVE-2011-2536
29 Jun 2011 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2,... • http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •