// For flags

CVE-2021-32558

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.

Se ha detectado un problema en Sangoma Asterisk versiones: 13.x anteriores a 13.38.3, versiones 16.x anteriores a 16.19.1, versiones 17.x anteriores a 17.9.4, y versiones 18.x anteriores a 18.5.1, y Certified Asterisk versiones anteriores a 16.8-cert10. Si el controlador del canal IAX2 recibe un paquete que contiene un formato de medios no compatible, puede ocurrir un bloqueo

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-05-11 CVE Reserved
  • 2021-07-22 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-10-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
>= 13.0.0 < 13.38.3
Search vendor "Digium" for product "Asterisk" and version " >= 13.0.0 < 13.38.3"
-
Affected
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
>= 16.0.0 < 16.19.1
Search vendor "Digium" for product "Asterisk" and version " >= 16.0.0 < 16.19.1"
-
Affected
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
>= 17.0.0 < 17.9.4
Search vendor "Digium" for product "Asterisk" and version " >= 17.0.0 < 17.9.4"
-
Affected
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
>= 18.0.0 < 18.15.1
Search vendor "Digium" for product "Asterisk" and version " >= 18.0.0 < 18.15.1"
-
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
-
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert1-rc1
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert1-rc2
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert1-rc3
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert1-rc4
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert2
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert3
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert4
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert4-rc1
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert4-rc2
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert4-rc3
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert4-rc4
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert5
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert6
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert7
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert8
Affected
Digium
Search vendor "Digium"
Certified Asterisk
Search vendor "Digium" for product "Certified Asterisk"
16.8
Search vendor "Digium" for product "Certified Asterisk" and version "16.8"
cert9
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected