📦 Asterisk
by Sangoma
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2024-57520 is an insecure permissions vulnerability in Asterisk v22 that allows directory traversal via the action_createconfig function. This could enable arbitrary file creation outside the Aste...
A local privilege escalation vulnerability in Asterisk's safe_asterisk script allows non-root users with write access to /etc/asterisk to execute arbitrary code as root. This occurs because the script...
This vulnerability in Asterisk allows remote attackers to cause a denial of service (crash) by sending specially crafted SIP requests with malformed Authorization headers. The crash occurs due to a NU...
This vulnerability in Asterisk PBX allows authenticated attackers to spoof user identities when sending SIP MESSAGE requests, enabling them to send spam messages that appear to come from trusted sourc...
This CVE describes a use-after-free vulnerability in PJSIP library versions up to 2.11.1 that occurs in dialog set scenarios. When multiple UAC dialogs share a hash key, premature freeing can cause ha...
CVE-2021-37706 is an integer underflow vulnerability in PJSIP's STUN message processing that allows remote code execution. Attackers on the same network can send specially crafted UDP packets to execu...
Asterisk has a vulnerability in its STIR/SHAKEN verification module that allows remote attackers to cause denial of service or potentially execute arbitrary code. This affects Asterisk installations w...
A path traversal vulnerability in the action_listcategories() function of Asterisk allows attackers to access files outside the intended directory. This affects Asterisk versions 22.0.0 through 22.0.0...
Asterisk versions 18.23.0 incorrectly identify all unauthorized SIP requests as coming from the local PJSIP endpoint, potentially allowing unauthorized access to telephony services. This affects Aster...
This vulnerability allows cross-site scripting (XSS) attacks in Asterisk's web interface. Attackers can inject malicious scripts via cookies or GET parameters, which execute when users visit the /http...
This CVE describes an XML External Entity (XXE) vulnerability in Asterisk's XML parsing function. It allows attackers to read sensitive files from the host system when untrusted XML is processed. Affe...