CVE-2025-1131
- EPSS 0.04%
- Published 23.09.2025 05:15:35
- Last modified 08.10.2025 20:35:00
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc...
CVE-2025-57767
- EPSS 0.12%
- Published 28.08.2025 15:33:00
- Last modified 29.08.2025 16:24:29
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Aut...
CVE-2025-54995
- EPSS 0.28%
- Published 28.08.2025 15:16:02
- Last modified 29.08.2025 16:24:29
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustio...
CVE-2025-49832
- EPSS 0.18%
- Published 01.08.2025 17:57:29
- Last modified 04.08.2025 15:06:15
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk...
CVE-2025-47780
- EPSS 0.08%
- Published 22.05.2025 16:56:28
- Last modified 23.05.2025 15:55:02
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk c...
CVE-2025-47779
- EPSS 0.09%
- Published 22.05.2025 16:54:26
- Last modified 23.05.2025 15:55:02
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do ...
CVE-2024-57520
- EPSS 0.76%
- Published 05.02.2025 22:15:32
- Last modified 06.02.2025 16:15:40
An insecure permissions vulnerability in Asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function.
CVE-2024-42491
- EPSS 0.44%
- Published 05.09.2024 18:15:05
- Last modified 26.08.2025 17:47:36
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion ...
CVE-2024-42365
- EPSS 34.24%
- Published 08.08.2024 17:15:19
- Last modified 16.09.2024 20:23:18
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all confi...
CVE-2024-35190
- EPSS 0.24%
- Published 17.05.2024 17:15:07
- Last modified 26.08.2025 16:19:01
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.