CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-47780 – cli_permissions.conf: deny option does not work for disallowing shell commands
https://notcve.org/view.php?id=CVE-2025-47780
22 May 2025 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expe... • https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-47779 – Using malformed From header can forge identity with ";" or NULL in name portion
https://notcve.org/view.php?id=CVE-2025-47779
22 May 2025 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to c... • https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample • CWE-140: Improper Neutralization of Delimiters CWE-792: Incomplete Filtering of One or More Instances of Special Elements •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42491 – A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
https://notcve.org/view.php?id=CVE-2024-42491
05 Sep 2024 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are ... • https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 35%CPEs: 5EXPL: 1CVE-2024-42365 – Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
https://notcve.org/view.php?id=CVE-2024-42365
08 Aug 2024 — Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privil... • https://packetstorm.news/files/id/182935 • CWE-267: Privilege Defined With Unsafe Actions CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35190 – Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests
https://notcve.org/view.php?id=CVE-2024-35190
17 May 2024 — Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. Asterisk es un conjunto de herramientas de telefonía y centralita privada de código abierto. Después de la actualización a 18.23.0, TODAS las solicitudes SIP no autorizadas se identifican como endpoint PJSIP del servidor asterisk local. • https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-480: Use of Incorrect Operator CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 6CVE-2023-49786 – Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
https://notcve.org/view.php?id=CVE-2023-49786
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerabl... • https://packetstorm.news/files/id/176251 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.5EPSS: 0%CPEs: 31EXPL: 0CVE-2023-37457 – Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
https://notcve.org/view.php?id=CVE-2023-37457
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an out... • https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 10%CPEs: 31EXPL: 1CVE-2023-49294 – Asterisk Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-49294
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Asterisk es un conjunto de herramientas de telefonía y centralita pri... • https://packetstorm.news/files/id/177819 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 1%CPEs: 144EXPL: 0CVE-2012-4737 – Debian Security Advisory 2550-2
https://notcve.org/view.php?id=CVE-2012-4737
30 Aug 2012 — channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v... • http://downloads.asterisk.org/pub/security/AST-2012-013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 195EXPL: 0CVE-2011-2535 – Debian Security Advisory 2276-2
https://notcve.org/view.php?id=CVE-2011-2535
06 Jul 2011 — chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v... • http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff • CWE-20: Improper Input Validation •