This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Digium First view 2003-09-17
Product Asterisk Last view 2023-12-14
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:* 67
cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:* 66
cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:* 66
cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:* 66
cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:* 66
cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:* 65
cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:* 65
cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:* 65
cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:* 65
cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:* 64
cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:* 63
cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:* 63
cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:* 61
cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:* 61
cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:* 60
cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:* 60
cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:* 60
cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:* 60
cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:* 60
cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:* 59
cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:* 59
cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:* 59
cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:* 59
cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:* 59
cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:* 58
cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:* 58
cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:* 58
cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:* 58
cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:* 58
cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:* 58
cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:* 58
cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:* 57
cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:* 57
cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:* 57
cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:* 57
cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:* 57
cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:* 57

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.9 2023-12-14 CVE-2023-49786

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

7.5 2023-12-14 CVE-2023-49294

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

8.2 2023-12-14 CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

6.5 2022-08-30 CVE-2021-46837

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

9.8 2022-04-15 CVE-2022-26651

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.

9.1 2022-04-15 CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

7.5 2022-04-15 CVE-2022-26498

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

7.5 2021-07-30 CVE-2021-32558

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.

6.5 2021-07-30 CVE-2021-31878

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.

6.5 2021-02-19 CVE-2021-26713

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.

5.9 2021-02-18 CVE-2021-26906

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.

7.5 2021-02-18 CVE-2021-26717

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.

7.5 2021-02-18 CVE-2021-26712

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.

6.5 2021-02-18 CVE-2020-35776

A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.

6.5 2021-01-29 CVE-2020-35652

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.

7.5 2019-11-22 CVE-2019-18976

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

6.5 2019-11-22 CVE-2019-18790

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.

8.8 2019-11-22 CVE-2019-18610

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

7.5 2019-09-09 CVE-2019-15639

main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.

6.5 2019-09-09 CVE-2019-15297

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

5.3 2019-07-12 CVE-2019-13161

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

6.5 2019-07-12 CVE-2019-12827

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

7.5 2019-05-23 CVE-2016-7550

asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).

6.5 2019-03-28 CVE-2019-7251

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

7.5 2018-11-14 CVE-2018-19278

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
18% (16) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (14) CWE-20 Improper Input Validation
9% (8) CWE-399 Resource Management Errors
8% (7) CWE-200 Information Exposure
6% (6) CWE-476 NULL Pointer Dereference
6% (6) CWE-264 Permissions, Privileges, and Access Controls
3% (3) CWE-787 Out-of-bounds Write
3% (3) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
2% (2) CWE-772 Missing Release of Resource after Effective Lifetime
2% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (1) CWE-770 Allocation of Resources Without Limits or Throttling
1% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
1% (1) CWE-617 Reachable Assertion
1% (1) CWE-459 Incomplete Cleanup
1% (1) CWE-404 Improper Resource Shutdown or Release
1% (1) CWE-362 Race Condition
1% (1) CWE-310 Cryptographic Issues
1% (1) CWE-285 Improper Access Control (Authorization)
1% (1) CWE-284 Access Control (Authorization) Issues
1% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
1% (1) CWE-190 Integer Overflow or Wraparound
1% (1) CWE-189 Numeric Errors
1% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 XML Parser Attack
CAPEC-119 Resource Depletion
CAPEC-121 Locate and Exploit Test APIs
CAPEC-125 Resource Depletion through Flooding
CAPEC-130 Resource Depletion through Allocation
CAPEC-147 XML Ping of Death
CAPEC-197 XEE (XML Entity Expansion)
CAPEC-227 Denial of Service through Resource Depletion
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message
CAPEC-229 XML Attribute Blowup

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:18041 DSA-1417-1 asterisk - SQL injection
oval:org.mitre.oval:def:12470 DSA-2171-1 asterisk -- buffer overflow
oval:org.mitre.oval:def:12914 DSA-2225-1 asterisk -- several
oval:org.mitre.oval:def:13073 DSA-2276-1 asterisk -- multiple denial of service
oval:org.mitre.oval:def:12933 DSA-2276-2 asterisk -- multiple denial of service
oval:org.mitre.oval:def:18445 DSA-2493-1 asterisk - denial of service
oval:org.mitre.oval:def:15029 DSA-2367-1 asterisk -- several
oval:org.mitre.oval:def:20005 DSA-2550-1 asterisk - several
oval:org.mitre.oval:def:29135 DSA-2550-2 -- asterisk -- several vulnerabilities
oval:org.mitre.oval:def:18564 DSA-2605-1 asterisk - several issues
oval:org.mitre.oval:def:28902 DSA-2605-2 -- asterisk -- several issues
oval:org.mitre.oval:def:18540 DSA-2749-1 asterisk - several
oval:org.mitre.oval:def:20939 DSA-2835-1 asterisk - buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77598 Asterisk channels/chan_sip.c handle_request_info() Function SIP Packet Parsin...
77597 Asterisk Request Response Port SIP Peer Enumeration
74352 Asterisk SIP Channel Driver Default Configuration Invalid SIP Request Usernam...
73434 Asterisk Multiple Products Manager Interface manager.c Originate Action Remot...
73433 Asterisk Multiple Products Unauthenticated Session Connection Saturation Remo...
73406 Asterisk tcptls.c TLS API TCP Session Saturation NULL Dereference Remote DoS
73405 Asterisk manager.c Manager Session Invalid Data Saturation Remote DoS
73309 Asterisk channels/chan_iax2.c iax2_setoption() Function Invalid Pointer DoS
73308 Asterisk channels/sip/reqresp_parser.c get_in_brackets_full() Function NULL D...
73307 Asterisk channels/chan_sip.c sipsock_read() Function NULL Byte Memory Corrupt...
73257 Asterisk SIP Multiple Message Response Username Enumeration
72752 Asterisk SIP Channel Driver reqresp_parser.c parse_uri_full() Function Contac...
70968 Asterisk main/udptl.c Multiple Function UPDTL Packet Handling Overflow
70518 Asterisk main/utils.c ast_uri_encode() Function Caller ID Information Overflow
62588 Asterisk main/acl.c CIDR Notation Host Access Restriction Bypass
62451 Asterisk Dialplan Wildcard Pattern Configuration Manipulation
60569 Asterisk rtp.c RTP Comfort Noise Payload Remote DoS
59697 Asterisk SIP REGISTER Response Username Enumeration Weakness
56991 Asterisk Multiple Function Maximum Width Handling Remote DoS
56571 Asterisk main/rtp.c RTP Text Frames Handling Remote DoS
52568 Asterisk SIP Channel Driver Pedantic Functionality Malformed SIP INVITE Messa...
38933 Asterisk Postgres Realtime Engine SQL Injection
38932 Asterisk Call Detail Record Postgres Multiple Strings SQL Injection
38202 Asterisk IMAP Voicemail Backend Crafted Fields Local Overflow
38201 Asterisk IMAP Voicemail Backend Crafted Content Header Remote Overflow

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-15 (asterisk)
File : nvt/glsa_201209_15.nasl
2012-10-03 Name : Debian Security Advisory DSA 2550-2 (asterisk)
File : nvt/deb_2550_2.nasl
2012-09-23 Name : Debian Security Advisory DSA 2550-1 (asterisk)
File : nvt/deb_2550_1.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-4230
File : nvt/gb_fedora_2012_4230_asterisk_fc17.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-10324
File : nvt/gb_fedora_2012_10324_asterisk_fc17.nasl
2012-08-30 Name : FreeBSD Ports: asterisk
File : nvt/freebsd_asterisk2.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-6704
File : nvt/gb_fedora_2012_6704_asterisk_fc17.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-9537
File : nvt/gb_fedora_2012_9537_asterisk_fc17.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-8670
File : nvt/gb_fedora_2012_8670_asterisk_fc17.nasl
2012-08-10 Name : FreeBSD Ports: asterisk10
File : nvt/freebsd_asterisk10.nasl
2012-08-10 Name : FreeBSD Ports: asterisk
File : nvt/freebsd_asterisk1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2493-1 (asterisk)
File : nvt/deb_2493_1.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-05 (Asterisk)
File : nvt/glsa_201206_05.nasl
2012-06-19 Name : Fedora Update for asterisk FEDORA-2012-8692
File : nvt/gb_fedora_2012_8692_asterisk_fc16.nasl
2012-06-19 Name : Fedora Update for asterisk FEDORA-2012-8685
File : nvt/gb_fedora_2012_8685_asterisk_fc15.nasl
2012-05-31 Name : FreeBSD Ports: asterisk16
File : nvt/freebsd_asterisk161.nasl
2012-05-04 Name : Fedora Update for asterisk FEDORA-2012-6612
File : nvt/gb_fedora_2012_6612_asterisk_fc16.nasl
2012-04-30 Name : Debian Security Advisory DSA 2460-1 (asterisk)
File : nvt/deb_2460_1.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201203-21 (Asterisk)
File : nvt/glsa_201203_21.nasl
2012-04-23 Name : Asterisk HTTP Manager Buffer Overflow Vulnerability
File : nvt/gb_asterisk_http_manager_bof_vuln.nasl
2012-04-02 Name : Fedora Update for asterisk FEDORA-2012-4318
File : nvt/gb_fedora_2012_4318_asterisk_fc16.nasl
2012-04-02 Name : Fedora Update for asterisk FEDORA-2012-4259
File : nvt/gb_fedora_2012_4259_asterisk_fc15.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-21 (Asterisk)
File : nvt/glsa_201110_21.nasl
2012-02-11 Name : Debian Security Advisory DSA 2367-1 (asterisk)
File : nvt/deb_2367_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2276-1 (asterisk)
File : nvt/deb_2276_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0078 Multiple Asterisk Products Security Bypass Vulnerability
Severity: Category I - VMSKEY: V0059871
2014-A-0085 Multiple Vulnerabilities in Asterisk Products
Severity: Category I - VMSKEY: V0052633
2014-A-0035 Multiple Vulnerabilities in Asterisk Products
Severity: Category I - VMSKEY: V0046183

Snort® IPS/IDS

Date Description
2014-01-10 Digium Asterisk IAX2 truncated video mini-frame packet overflow attempt
RuleID : 6513 - Type : PROTOCOL-VOIP - Revision : 6
2020-05-07 Asterisk Manager Interface Originate action arbitrary command execution attempt
RuleID : 53579 - Type : PROTOCOL-VOIP - Revision : 1
2019-09-19 Digium Asterisk multiple malformed Accept headers denial of service attempt
RuleID : 51087 - Type : PROTOCOL-VOIP - Revision : 1
2019-09-19 Digium Asterisk multiple malformed Accept headers denial of service attempt
RuleID : 51086 - Type : PROTOCOL-VOIP - Revision : 1
2015-10-14 Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt
RuleID : 36025 - Type : SERVER-OTHER - Revision : 3
2014-05-01 Digium Asterisk cookie stack buffer overflow attempt
RuleID : 30293 - Type : SERVER-WEBAPP - Revision : 4
2014-05-01 Digium Asterisk cookie stack buffer overflow attempt
RuleID : 30292 - Type : SERVER-WEBAPP - Revision : 4
2014-05-01 Digium Asterisk cookie stack buffer overflow attempt
RuleID : 30291 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10 attempted DOS detected
RuleID : 28165 - Type : PROTOCOL-VOIP - Revision : 4
2014-01-10 Digium Asterisk oversized Content-Length memory corruption attempt
RuleID : 25276 - Type : SERVER-OTHER - Revision : 5
2014-01-10 Digium Asterisk RTP comfort noise denial of service attempt
RuleID : 24270 - Type : PROTOCOL-VOIP - Revision : 3
2014-01-10 Digium Asterisk missing SIP version denial of service attempt
RuleID : 21669 - Type : PROTOCOL-VOIP - Revision : 9
2014-01-10 Digium Asterisk data length field overflow attempt
RuleID : 20670 - Type : PROTOCOL-VOIP - Revision : 7
2014-01-10 Digium Asterisk UDPTL processing overflow attempt
RuleID : 19167 - Type : PROTOCOL-VOIP - Revision : 10
2014-01-10 CSeq buffer overflow attempt
RuleID : 16351 - Type : PROTOCOL-VOIP - Revision : 11
2014-01-10 Digium Asterisk SIP sscanf denial of service attempt
RuleID : 16212 - Type : DOS - Revision : 2
2014-01-10 Digium Asterisk SIP sscanf denial of service attempt
RuleID : 16211 - Type : DOS - Revision : 2
2014-01-10 Digium Asterisk SIP sscanf denial of service attempt
RuleID : 16210 - Type : DOS - Revision : 2
2014-01-10 Digium Asterisk data length field overflow attempt
RuleID : 12359 - Type : PROTOCOL-VOIP - Revision : 11
2014-01-10 CSeq buffer overflow attempt
RuleID : 11971 - Type : PROTOCOL-VOIP - Revision : 8

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-11.nasl - Type: ACT_GATHER_INFO
2018-11-15 Name: A telephony application running on the remote host is affected by a denial of...
File: asterisk_ast_2018_010.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4320.nasl - Type: ACT_GATHER_INFO
2018-09-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1523.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: A telephony application running on the remote host is affected by a remote de...
File: asterisk_ast_2018_009.nasl - Type: ACT_GATHER_INFO
2018-09-24 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_77f67b46bd7511e881b6001999f8d30b.nasl - Type: ACT_GATHER_INFO
2018-06-15 Name: A telephony application running on the remote host is affected by multiple vu...
File: asterisk_ast_15_x_2018_007-008.nasl - Type: ACT_GATHER_INFO
2018-06-15 Name: A telephony application running on the remote host is affected by a denial of...
File: asterisk_ast_2018_006.nasl - Type: ACT_GATHER_INFO
2018-06-15 Name: A telephony application running on the remote host is affected by a remote de...
File: asterisk_ast_2018_008.nasl - Type: ACT_GATHER_INFO
2018-03-02 Name: A telephony application running on the remote host is affected by multiple vu...
File: asterisk_ast_2018_001-006.nasl - Type: ACT_GATHER_INFO
2018-03-02 Name: A telephony application running on the remote host is affected by a Subscribe...
File: asterisk_ast_2018_002-005.nasl - Type: ACT_GATHER_INFO
2018-02-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_933654ce17b811e890b8001999f8d30b.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-41242dfe10.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-66e9367f7e.nasl - Type: ACT_GATHER_INFO
2018-01-04 Name: A telephony application running on the remote host is affected by a remote de...
File: asterisk_ast_2017_014.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security update.
File: debian_DLA-1225.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4076.nasl - Type: ACT_GATHER_INFO
2017-12-28 Name: The remote Fedora host is missing a security update.
File: fedora_2017-38fbcdffc3.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2a3bc6ace7c611e7a90b001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-12-06 Name: A telephony application running on the remote host is affected by a memory ex...
File: asterisk_ast_2017_013.nasl - Type: ACT_GATHER_INFO
2017-12-04 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e91cf90cd6dd11e79d10001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: A telephony application running on the remote host is affected by multiple vu...
File: asterisk_ast_2017_009-011.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_ab04cb0bc53311e78da5001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_be261737c53511e78da5001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-29.nasl - Type: ACT_GATHER_INFO