CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-47780 – cli_permissions.conf: deny option does not work for disallowing shell commands
https://notcve.org/view.php?id=CVE-2025-47780
22 May 2025 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expe... • https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-47779 – Using malformed From header can forge identity with ";" or NULL in name portion
https://notcve.org/view.php?id=CVE-2025-47779
22 May 2025 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to c... • https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample • CWE-140: Improper Neutralization of Delimiters CWE-792: Incomplete Filtering of One or More Instances of Special Elements •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42491 – A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
https://notcve.org/view.php?id=CVE-2024-42491
05 Sep 2024 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are ... • https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 35%CPEs: 5EXPL: 1CVE-2024-42365 – Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
https://notcve.org/view.php?id=CVE-2024-42365
08 Aug 2024 — Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privil... • https://packetstorm.news/files/id/182935 • CWE-267: Privilege Defined With Unsafe Actions CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35190 – Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests
https://notcve.org/view.php?id=CVE-2024-35190
17 May 2024 — Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. Asterisk es un conjunto de herramientas de telefonía y centralita privada de código abierto. Después de la actualización a 18.23.0, TODAS las solicitudes SIP no autorizadas se identifican como endpoint PJSIP del servidor asterisk local. • https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-480: Use of Incorrect Operator CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2021-46837 – Debian Security Advisory 5285-1
https://notcve.org/view.php?id=CVE-2021-46837
30 Aug 2022 — res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. La funci... • https://downloads.asterisk.org/pub/security/AST-2021-006.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-23608 – Use after free in PJSIP
https://notcve.org/view.php?id=CVE-2022-23608
22 Feb 2022 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior su... • http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-21723 – Out-of-bounds read in multipart parsing in PJSIP
https://notcve.org/view.php?id=CVE-2022-21723
27 Jan 2022 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. • http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-37706 – Potential integer underflow upon receiving STUN message in PJSIP
https://notcve.org/view.php?id=CVE-2021-37706
22 Dec 2021 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a speciall... • http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.3EPSS: 2%CPEs: 16EXPL: 1CVE-2020-28327
https://notcve.org/view.php?id=CVE-2020-28327
06 Nov 2020 — A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog i... • http://downloads.asterisk.org/pub/security/AST-2020-001.html • CWE-404: Improper Resource Shutdown or Release •