This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Asterisk First view 2007-12-19
Product Open Source Last view 2019-10-29
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:* 15
cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:* 14
cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:* 14

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2019-10-29 CVE-2009-3723

asterisk allows calls on prohibited networks

6.5 2018-06-12 CVE-2018-12228

An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.

7.5 2017-06-02 CVE-2017-9358

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

5 2013-04-01 CVE-2013-2686

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.

7.5 2013-04-01 CVE-2013-2685

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.

5 2013-04-01 CVE-2013-2264

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.

9 2012-08-31 CVE-2012-2186

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.

4 2012-06-02 CVE-2012-2948

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.

6.5 2012-04-30 CVE-2012-2416

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.

6.5 2012-04-30 CVE-2012-2415

Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.

6.5 2012-04-30 CVE-2012-2414

main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.

4.3 2012-01-25 CVE-2012-0885

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

6.8 2011-10-21 CVE-2011-4063

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.

7.8 2009-09-08 CVE-2009-2346

The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.

7.8 2009-08-12 CVE-2009-2726

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

5 2009-01-14 CVE-2009-0041

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

4.3 2008-12-17 CVE-2008-5558

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

7.8 2008-07-24 CVE-2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.

4.3 2008-06-04 CVE-2008-2119

Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.

7.1 2008-04-23 CVE-2008-1923

The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.

4.3 2008-04-23 CVE-2008-1897

The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.

7.5 2008-03-24 CVE-2008-1289

Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.

5.8 2008-03-19 CVE-2008-1333

Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.

8.8 2008-03-19 CVE-2008-1332

Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.

5 2008-01-07 CVE-2008-0095

The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.

CWE : Common Weakness Enumeration

%idName
28% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
23% (5) CWE-287 Improper Authentication
14% (3) CWE-399 Resource Management Errors
9% (2) CWE-200 Information Exposure
9% (2) CWE-20 Improper Input Validation
4% (1) CWE-264 Permissions, Privileges, and Access Controls
4% (1) CWE-134 Uncontrolled Format String
4% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 XML Parser Attack
CAPEC-119 Resource Depletion
CAPEC-121 Locate and Exploit Test APIs
CAPEC-125 Resource Depletion through Flooding
CAPEC-130 Resource Depletion through Allocation
CAPEC-147 XML Ping of Death
CAPEC-197 XEE (XML Entity Expansion)
CAPEC-227 Denial of Service through Resource Depletion
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message
CAPEC-229 XML Attribute Blowup

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:8002 DSA-1525 asterisk -- several vulnerabilities
oval:org.mitre.oval:def:17968 DSA-1525-1 asterisk
oval:org.mitre.oval:def:7422 DSA-1563 asterisk -- programming error
oval:org.mitre.oval:def:20041 DSA-1563-1 asterisk - denial of service
oval:org.mitre.oval:def:20181 DSA-2460-1 asterisk - several

Open Source Vulnerability Database (OSVDB)

id Description
78482 Asterisk SRTP Video Stream Negotiation Remote DoS
76784 Asterisk SIP Channel Driver chan_sip.c Uninitialized Variable Request Parsing...
57762 Asterisk IAX2 Call Number Resource Exhaustion Remote DoS
56991 Asterisk Multiple Function Maximum Width Handling Remote DoS
51373 Asterisk IAX2 User Account Enumeration Weakness
50675 Asterisk IAX2 Realtime Hostname Handling User Authentication Remote DoS
47254 Asterisk IAX2 FWDOWNL Request Spoofing Remote DoS
46014 Asterisk Pedantic Parsing SIP INVITE Message Handling Remote DoS
44649 Asterisk Open Source IAX2 Channel Driver (chan_iax2) Spoofed ACK Response Han...
44648 Asterisk IAX2 Channel Driver (chan_iax2) Spoofed NEW Message Remote DoS
43416 Asterisk RTP Payload Handling Multiple Remote Overflows
43415 Asterisk SIP Channel Driver Unauthenticated Call Remote Privilege Escalation
43414 Asterisk ast_verbose Logging API Manager command Format String
39841 Asterisk BYE/Also Transfer Method DoS
39519 Asterisk Host Based Registration Database Security Bypass

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-15 (asterisk)
File : nvt/glsa_201209_15.nasl
2012-10-03 Name : Debian Security Advisory DSA 2550-2 (asterisk)
File : nvt/deb_2550_2.nasl
2012-09-23 Name : Debian Security Advisory DSA 2550-1 (asterisk)
File : nvt/deb_2550_1.nasl
2012-09-22 Name : Fedora Update for asterisk FEDORA-2012-13338
File : nvt/gb_fedora_2012_13338_asterisk_fc17.nasl
2012-09-22 Name : Fedora Update for asterisk FEDORA-2012-13437
File : nvt/gb_fedora_2012_13437_asterisk_fc16.nasl
2012-08-30 Name : FreeBSD Ports: asterisk
File : nvt/freebsd_asterisk2.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-6704
File : nvt/gb_fedora_2012_6704_asterisk_fc17.nasl
2012-08-10 Name : Debian Security Advisory DSA 2493-1 (asterisk)
File : nvt/deb_2493_1.nasl
2012-08-10 Name : FreeBSD Ports: asterisk10
File : nvt/freebsd_asterisk10.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-05 (Asterisk)
File : nvt/glsa_201206_05.nasl
2012-06-19 Name : SIP channel driver in Asterisk suffers remote crash vulnerability
File : nvt/nopsec_asterisk_ast_2012_006.nasl
2012-05-31 Name : FreeBSD Ports: asterisk16
File : nvt/freebsd_asterisk161.nasl
2012-05-08 Name : Fedora Update for asterisk FEDORA-2012-6724
File : nvt/gb_fedora_2012_6724_asterisk_fc15.nasl
2012-05-04 Name : Fedora Update for asterisk FEDORA-2012-6612
File : nvt/gb_fedora_2012_6612_asterisk_fc16.nasl
2012-04-30 Name : FreeBSD Ports: asterisk16
File : nvt/freebsd_asterisk160.nasl
2012-04-30 Name : Debian Security Advisory DSA 2460-1 (asterisk)
File : nvt/deb_2460_1.nasl
2012-04-02 Name : Fedora Update for asterisk FEDORA-2011-14480
File : nvt/gb_fedora_2011_14480_asterisk_fc16.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201202-06 (asterisk)
File : nvt/glsa_201202_06.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-21 (Asterisk)
File : nvt/glsa_201110_21.nasl
2011-11-11 Name : Fedora Update for asterisk FEDORA-2011-14538
File : nvt/gb_fedora_2011_14538_asterisk_fc15.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-20 (asterisk)
File : nvt/glsa_201006_20.nasl
2009-12-30 Name : Debian Security Advisory DSA 1952-1 (asterisk)
File : nvt/deb_1952_1.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-12461 (asterisk)
File : nvt/fcore_2009_12461.nasl
2009-12-03 Name : Fedora Core 10 FEDORA-2009-11126 (asterisk)
File : nvt/fcore_2009_11126.nasl
2009-09-28 Name : Fedora Core 11 FEDORA-2009-9405 (asterisk)
File : nvt/fcore_2009_9405.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0070 Multiple Vulnerabilities in Asterisk Products
Severity: Category I - VMSKEY: V0037603

Snort® IPS/IDS

Date Description
2015-03-17 Digium Asterisk SIP channel driver denial of service attempt
RuleID : 33445 - Type : PROTOCOL-VOIP - Revision : 2
2014-01-10 Digium Asterisk SIP SDP header parsing stack buffer overflow attempt
RuleID : 26426 - Type : PROTOCOL-VOIP - Revision : 4
2014-01-10 Digium Asterisk SIP SDP header parsing stack buffer overflow attempt
RuleID : 26425 - Type : PROTOCOL-VOIP - Revision : 4
2014-01-10 Digium Asterisk oversized Content-Length memory corruption attempt
RuleID : 25276 - Type : SERVER-OTHER - Revision : 4
2014-01-10 Digium Asterisk SCCP keypad button message denial of service attempt
RuleID : 24720 - Type : PROTOCOL-VOIP - Revision : 8
2014-01-10 Digium Asterisk SCCP call state message offhook
RuleID : 24719 - Type : PROTOCOL-VOIP - Revision : 9
2014-01-10 Digium Asterisk Manager command shell execution attempt
RuleID : 23210 - Type : PROTOCOL-VOIP - Revision : 9
2014-01-10 Digium Asterisk Manager command shell execution attempt
RuleID : 23209 - Type : PROTOCOL-VOIP - Revision : 9
2014-01-10 Digium Asterisk IAX2 call number denial of service
RuleID : 21608 - Type : PROTOCOL-VOIP - Revision : 4
2014-01-10 Digium Asterisk channel driver denial of service attempt
RuleID : 21103 - Type : PROTOCOL-VOIP - Revision : 4
2014-01-10 Digium Asterisk channel driver denial of service attempt
RuleID : 21102 - Type : PROTOCOL-VOIP - Revision : 4
2014-01-10 Digium Asterisk channel driver denial of service attempt
RuleID : 21101 - Type : PROTOCOL-VOIP - Revision : 7
2014-01-10 Digium Asterisk Attribute header rtpmap field buffer overflow attempt
RuleID : 20392 - Type : PROTOCOL-VOIP - Revision : 10
2014-01-10 Digium Asterisk Attribute header rtpmap field buffer overflow attempt
RuleID : 20391 - Type : PROTOCOL-VOIP - Revision : 10
2014-01-10 Attribute header rtpmap field invalid payload type
RuleID : 20390 - Type : PROTOCOL-VOIP - Revision : 9
2014-01-10 Digium Asterisk IAX2 ack response denial of service attempt
RuleID : 16445 - Type : PROTOCOL-VOIP - Revision : 11
2014-01-10 CSeq buffer overflow attempt
RuleID : 16351 - Type : PROTOCOL-VOIP - Revision : 11
2014-01-10 Digium Asterisk SIP sscanf denial of service attempt
RuleID : 16212 - Type : DOS - Revision : 2
2014-01-10 Digium Asterisk SIP sscanf denial of service attempt
RuleID : 16211 - Type : DOS - Revision : 2
2014-01-10 Digium Asterisk SIP sscanf denial of service attempt
RuleID : 16210 - Type : DOS - Revision : 2
2014-01-10 Attribute header rtpmap field invalid payload type
RuleID : 13693 - Type : PROTOCOL-VOIP - Revision : 12
2014-01-10 CSeq buffer overflow attempt
RuleID : 11971 - Type : PROTOCOL-VOIP - Revision : 8

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-06-15 Name: A telephony application running on the remote host is affected by multiple vu...
File: asterisk_ast_15_x_2018_007-008.nasl - Type: ACT_GATHER_INFO
2014-01-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201401-15.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-140.nasl - Type: ACT_GATHER_INFO
2013-04-10 Name: A telephony application running on the remote host is affected by an informat...
File: asterisk_ast_2013_003.nasl - Type: ACT_GATHER_INFO
2013-04-10 Name: A telephony application running on the remote host is affected by a buffer ov...
File: asterisk_ast_2013_001.nasl - Type: ACT_GATHER_INFO
2013-04-10 Name: A telephony application running on the remote host is affected by a denial of...
File: asterisk_ast_2013_002.nasl - Type: ACT_GATHER_INFO
2013-04-08 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_daf0a339985011e2879ed43d7e0c7c02.nasl - Type: ACT_GATHER_INFO
2013-04-08 Name: The remote Fedora host is missing a security update.
File: fedora_2013-4528.nasl - Type: ACT_GATHER_INFO
2013-04-08 Name: The remote Fedora host is missing a security update.
File: fedora_2013-4566.nasl - Type: ACT_GATHER_INFO
2012-09-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201209-15.nasl - Type: ACT_GATHER_INFO
2012-09-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2550.nasl - Type: ACT_GATHER_INFO
2012-09-18 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13286.nasl - Type: ACT_GATHER_INFO
2012-09-18 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13338.nasl - Type: ACT_GATHER_INFO
2012-09-18 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13437.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: A telephony application running on the remote host is affected by a security ...
File: asterisk_ast_2012_012.nasl - Type: ACT_GATHER_INFO
2012-08-31 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_4c53f007f2ed11e1a21514dae9ebcf89.nasl - Type: ACT_GATHER_INFO
2012-06-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2493.nasl - Type: ACT_GATHER_INFO
2012-06-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201206-05.nasl - Type: ACT_GATHER_INFO
2012-06-14 Name: A telephony application running on the remote host is affected by a denial of...
File: asterisk_ast_2012_008.nasl - Type: ACT_GATHER_INFO
2012-05-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_359f615da9e111e18a6614dae9ebcf89.nasl - Type: ACT_GATHER_INFO
2012-05-07 Name: The remote Fedora host is missing a security update.
File: fedora_2012-6724.nasl - Type: ACT_GATHER_INFO
2012-05-07 Name: The remote Fedora host is missing a security update.
File: fedora_2012-6704.nasl - Type: ACT_GATHER_INFO
2012-05-04 Name: The remote Fedora host is missing a security update.
File: fedora_2012-6612.nasl - Type: ACT_GATHER_INFO
2012-04-27 Name: A telephony application running on the remote host is affected by a heap-base...
File: asterisk_ast_2012_005.nasl - Type: ACT_GATHER_INFO
2012-04-27 Name: A telephony application running on the remote host is affected by a privilege...
File: asterisk_ast_2012_004.nasl - Type: ACT_GATHER_INFO