Sangoma

Asterisk

23 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 0.04%
  • Published 23.09.2025 05:15:35
  • Last modified 03.11.2025 18:15:48

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc...

  • EPSS 0.09%
  • Published 28.08.2025 15:33:00
  • Last modified 20.10.2025 17:51:12

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Aut...

Exploit
  • EPSS 0.46%
  • Published 28.08.2025 15:16:02
  • Last modified 03.11.2025 18:17:00

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustio...

Exploit
  • EPSS 0.09%
  • Published 22.05.2025 16:56:28
  • Last modified 03.11.2025 20:19:05

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk c...

Exploit
  • EPSS 0.11%
  • Published 22.05.2025 16:54:26
  • Last modified 03.11.2025 20:19:05

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do ...

  • EPSS 1.36%
  • Published 05.02.2025 22:15:32
  • Last modified 06.11.2025 13:15:35

Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the As...

  • EPSS 0.02%
  • Published 02.12.2024 18:15:11
  • Last modified 06.02.2025 02:15:10

An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.

  • EPSS 1.46%
  • Published 05.09.2024 18:15:05
  • Last modified 03.11.2025 22:18:06

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion ...

Exploit
  • EPSS 0.47%
  • Published 17.05.2024 17:15:07
  • Last modified 26.08.2025 16:19:01

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

  • EPSS 0.26%
  • Published 05.12.2022 21:15:10
  • Last modified 24.04.2025 15:15:47

In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.