This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Digium First view 2003-09-17
Product Asterisk Last view 2019-11-22
Version Type Application
Update  
Edition  
Language  
Software Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:* 53
cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:* 52
cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:* 52
cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:* 52
cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:* 52
cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:* 51
cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:* 51
cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:* 51
cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:* 51
cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:* 50
cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:* 49
cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:* 49
cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:* 47
cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:* 46
cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:* 46
cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:* 46
cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:* 46
cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:* 46
cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:* 45
cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:* 45
cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:* 43
cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:* 42
cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:* 42

Related : CVE

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.5 2019-11-22 CVE-2019-18976

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

6.5 2019-11-22 CVE-2019-18790

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and Certified Asterisk 13.21, because of an incomplete fix for CVE-2019-18351. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.

8.8 2019-11-22 CVE-2019-18610

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

7.5 2019-09-09 CVE-2019-15639

main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.

6.5 2019-09-09 CVE-2019-15297

res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk.

5.3 2019-07-12 CVE-2019-13161

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

6.5 2019-07-12 CVE-2019-12827

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

7.5 2019-05-23 CVE-2016-7550

asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).

6.5 2019-03-28 CVE-2019-7251

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

7.5 2018-11-14 CVE-2018-19278

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

7.5 2018-09-24 CVE-2018-17281

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

5.3 2018-06-12 CVE-2018-12227

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

5.9 2018-02-21 CVE-2018-7287

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

6.5 2018-02-21 CVE-2018-7286

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

7.5 2018-02-21 CVE-2018-7285

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

7.5 2018-02-21 CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

7.5 2017-12-27 CVE-2017-17850

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

5.9 2017-12-13 CVE-2017-17664

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

7.5 2017-12-01 CVE-2017-17090

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

5.9 2017-11-08 CVE-2017-16672

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.

8.8 2017-11-08 CVE-2017-16671

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.

7.5 2017-10-09 CVE-2017-14603

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

9.8 2017-09-02 CVE-2017-14100

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.

7.5 2017-09-02 CVE-2017-14099

In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.

7.5 2017-09-02 CVE-2017-14098

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

CWE : Common Weakness Enumeration

% id Name
23% (17) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
19% (14) CWE-20 Improper Input Validation
10% (8) CWE-399 Resource Management Errors
9% (7) CWE-200 Information Exposure
8% (6) CWE-264 Permissions, Privileges, and Access Controls
6% (5) CWE-476 NULL Pointer Dereference
2% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
1% (1) CWE-787 Out-of-bounds Write
1% (1) CWE-772 Missing Release of Resource after Effective Lifetime
1% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
1% (1) CWE-459 Incomplete Cleanup
1% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (1) CWE-310 Cryptographic Issues
1% (1) CWE-285 Improper Access Control (Authorization)
1% (1) CWE-284 Access Control (Authorization) Issues
1% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
1% (1) CWE-190 Integer Overflow or Wraparound
1% (1) CWE-189 Numeric Errors
1% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (1) CWE-19 Data Handling
1% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:18041 DSA-1417-1 asterisk - SQL injection
oval:org.mitre.oval:def:12470 DSA-2171-1 asterisk -- buffer overflow
oval:org.mitre.oval:def:12914 DSA-2225-1 asterisk -- several
oval:org.mitre.oval:def:13073 DSA-2276-1 asterisk -- multiple denial of service
oval:org.mitre.oval:def:12933 DSA-2276-2 asterisk -- multiple denial of service
oval:org.mitre.oval:def:18445 DSA-2493-1 asterisk - denial of service
oval:org.mitre.oval:def:15029 DSA-2367-1 asterisk -- several
oval:org.mitre.oval:def:20005 DSA-2550-1 asterisk - several
oval:org.mitre.oval:def:29135 DSA-2550-2 -- asterisk -- several vulnerabilities
oval:org.mitre.oval:def:18564 DSA-2605-1 asterisk - several issues
oval:org.mitre.oval:def:28902 DSA-2605-2 -- asterisk -- several issues
oval:org.mitre.oval:def:18540 DSA-2749-1 asterisk - several
oval:org.mitre.oval:def:20939 DSA-2835-1 asterisk - buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77598 Asterisk channels/chan_sip.c handle_request_info() Function SIP Packet Parsin...
77597 Asterisk Request Response Port SIP Peer Enumeration
74352 Asterisk SIP Channel Driver Default Configuration Invalid SIP Request Usernam...
73434 Asterisk Multiple Products Manager Interface manager.c Originate Action Remot...
73433 Asterisk Multiple Products Unauthenticated Session Connection Saturation Remo...
73406 Asterisk tcptls.c TLS API TCP Session Saturation NULL Dereference Remote DoS
73405 Asterisk manager.c Manager Session Invalid Data Saturation Remote DoS
73309 Asterisk channels/chan_iax2.c iax2_setoption() Function Invalid Pointer DoS
73308 Asterisk channels/sip/reqresp_parser.c get_in_brackets_full() Function NULL D...
73307 Asterisk channels/chan_sip.c sipsock_read() Function NULL Byte Memory Corrupt...
73257 Asterisk SIP Multiple Message Response Username Enumeration
72752 Asterisk SIP Channel Driver reqresp_parser.c parse_uri_full() Function Contac...
70968 Asterisk main/udptl.c Multiple Function UPDTL Packet Handling Overflow
70518 Asterisk main/utils.c ast_uri_encode() Function Caller ID Information Overflow
62588 Asterisk main/acl.c CIDR Notation Host Access Restriction Bypass
62451 Asterisk Dialplan Wildcard Pattern Configuration Manipulation
60569 Asterisk rtp.c RTP Comfort Noise Payload Remote DoS
59697 Asterisk SIP REGISTER Response Username Enumeration Weakness
56571 Asterisk main/rtp.c RTP Text Frames Handling Remote DoS
52568 Asterisk SIP Channel Driver Pedantic Functionality Malformed SIP INVITE Messa...
38933 Asterisk Postgres Realtime Engine SQL Injection
38932 Asterisk Call Detail Record Postgres Multiple Strings SQL Injection
38202 Asterisk IMAP Voicemail Backend Crafted Fields Local Overflow
38201 Asterisk IMAP Voicemail Backend Crafted Content Header Remote Overflow
38197 Asterisk IAX2 Channel Driver (chan_iax2) Incomplete Connection Saturation Rem...

OpenVAS Exploits

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-15 (asterisk)
File : nvt/glsa_201209_15.nasl
2012-10-03 Name : Debian Security Advisory DSA 2550-2 (asterisk)
File : nvt/deb_2550_2.nasl
2012-09-23 Name : Debian Security Advisory DSA 2550-1 (asterisk)
File : nvt/deb_2550_1.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-4230
File : nvt/gb_fedora_2012_4230_asterisk_fc17.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-10324
File : nvt/gb_fedora_2012_10324_asterisk_fc17.nasl
2012-08-30 Name : FreeBSD Ports: asterisk
File : nvt/freebsd_asterisk2.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-6704
File : nvt/gb_fedora_2012_6704_asterisk_fc17.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-9537
File : nvt/gb_fedora_2012_9537_asterisk_fc17.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-8670
File : nvt/gb_fedora_2012_8670_asterisk_fc17.nasl
2012-08-10 Name : FreeBSD Ports: asterisk10
File : nvt/freebsd_asterisk10.nasl
2012-08-10 Name : FreeBSD Ports: asterisk
File : nvt/freebsd_asterisk1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2493-1 (asterisk)
File : nvt/deb_2493_1.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-05 (Asterisk)
File : nvt/glsa_201206_05.nasl
2012-06-19 Name : Fedora Update for asterisk FEDORA-2012-8692
File : nvt/gb_fedora_2012_8692_asterisk_fc16.nasl
2012-06-19 Name : Fedora Update for asterisk FEDORA-2012-8685
File : nvt/gb_fedora_2012_8685_asterisk_fc15.nasl
2012-05-31 Name : FreeBSD Ports: asterisk16
File : nvt/freebsd_asterisk161.nasl
2012-05-04 Name : Fedora Update for asterisk FEDORA-2012-6612
File : nvt/gb_fedora_2012_6612_asterisk_fc16.nasl
2012-04-30 Name : Debian Security Advisory DSA 2460-1 (asterisk)
File : nvt/deb_2460_1.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201203-21 (Asterisk)
File : nvt/glsa_201203_21.nasl
2012-04-23 Name : Asterisk HTTP Manager Buffer Overflow Vulnerability
File : nvt/gb_asterisk_http_manager_bof_vuln.nasl
2012-04-02 Name : Fedora Update for asterisk FEDORA-2012-4318
File : nvt/gb_fedora_2012_4318_asterisk_fc16.nasl
2012-04-02 Name : Fedora Update for asterisk FEDORA-2012-4259
File : nvt/gb_fedora_2012_4259_asterisk_fc15.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-21 (Asterisk)
File : nvt/glsa_201110_21.nasl
2012-02-11 Name : Debian Security Advisory DSA 2367-1 (asterisk)
File : nvt/deb_2367_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2276-1 (asterisk)
File : nvt/deb_2276_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0078 Multiple Asterisk Products Security Bypass Vulnerability
Severity: Category I - VMSKEY: V0059871
2014-A-0085 Multiple Vulnerabilities in Asterisk Products
Severity: Category I - VMSKEY: V0052633
2014-A-0035 Multiple Vulnerabilities in Asterisk Products
Severity: Category I - VMSKEY: V0046183

Snort® IPS/IDS

Date Description
2014-01-10 Digium Asterisk IAX2 truncated video mini-frame packet overflow attempt
RuleID : 6513 - Type : PROTOCOL-VOIP - Revision : 6
2020-05-07 Asterisk Manager Interface Originate action arbitrary command execution attempt
RuleID : 53579 - Type : PROTOCOL-VOIP - Revision : 1
2019-09-19 Digium Asterisk multiple malformed Accept headers denial of service attempt
RuleID : 51087 - Type : PROTOCOL-VOIP - Revision : 1
2019-09-19 Digium Asterisk multiple malformed Accept headers denial of service attempt
RuleID : 51086 - Type : PROTOCOL-VOIP - Revision : 1
2015-10-14 Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt
RuleID : 36025 - Type : SERVER-OTHER - Revision : 3
2014-05-01 Digium Asterisk cookie stack buffer overflow attempt
RuleID : 30293 - Type : SERVER-WEBAPP - Revision : 4
2014-05-01 Digium Asterisk cookie stack buffer overflow attempt
RuleID : 30292 - Type : SERVER-WEBAPP - Revision : 4
2014-05-01 Digium Asterisk cookie stack buffer overflow attempt
RuleID : 30291 - Type : SERVER-WEBAPP - Revision : 4
2014-01-10 attempted DOS detected
RuleID : 28165 - Type : PROTOCOL-VOIP - Revision : 4
2014-01-10 Digium Asterisk oversized Content-Length memory corruption attempt
RuleID : 25276 - Type : SERVER-OTHER - Revision : 4
2014-01-10 Digium Asterisk RTP comfort noise denial of service attempt
RuleID : 24270 - Type : PROTOCOL-VOIP - Revision : 3
2014-01-10 Digium Asterisk missing SIP version denial of service attempt
RuleID : 21669 - Type : PROTOCOL-VOIP - Revision : 9
2014-01-10 Digium Asterisk data length field overflow attempt
RuleID : 20670 - Type : PROTOCOL-VOIP - Revision : 7
2014-01-10 Digium Asterisk UDPTL processing overflow attempt
RuleID : 19167 - Type : PROTOCOL-VOIP - Revision : 10
2014-01-10 Digium Asterisk data length field overflow attempt
RuleID : 12359 - Type : PROTOCOL-VOIP - Revision : 11

Nessus® Vulnerability Scanner

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-11.nasl - Type: ACT_GATHER_INFO
2018-11-15 Name: A telephony application running on the remote host is affected by a denial of...
File: asterisk_ast_2018_010.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4320.nasl - Type: ACT_GATHER_INFO
2018-09-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1523.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: A telephony application running on the remote host is affected by a remote de...
File: asterisk_ast_2018_009.nasl - Type: ACT_GATHER_INFO
2018-09-24 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_77f67b46bd7511e881b6001999f8d30b.nasl - Type: ACT_GATHER_INFO
2018-06-15 Name: A telephony application running on the remote host is affected by multiple vu...
File: asterisk_ast_15_x_2018_007-008.nasl - Type: ACT_GATHER_INFO
2018-06-15 Name: A telephony application running on the remote host is affected by a denial of...
File: asterisk_ast_2018_006.nasl - Type: ACT_GATHER_INFO
2018-06-15 Name: A telephony application running on the remote host is affected by a remote de...
File: asterisk_ast_2018_008.nasl - Type: ACT_GATHER_INFO
2018-03-02 Name: A telephony application running on the remote host is affected by multiple vu...
File: asterisk_ast_2018_001-006.nasl - Type: ACT_GATHER_INFO
2018-03-02 Name: A telephony application running on the remote host is affected by a Subscribe...
File: asterisk_ast_2018_002-005.nasl - Type: ACT_GATHER_INFO
2018-02-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_933654ce17b811e890b8001999f8d30b.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-41242dfe10.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-66e9367f7e.nasl - Type: ACT_GATHER_INFO
2018-01-04 Name: A telephony application running on the remote host is affected by a remote de...
File: asterisk_ast_2017_014.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security update.
File: debian_DLA-1225.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4076.nasl - Type: ACT_GATHER_INFO
2017-12-28 Name: The remote Fedora host is missing a security update.
File: fedora_2017-38fbcdffc3.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2a3bc6ace7c611e7a90b001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-12-06 Name: A telephony application running on the remote host is affected by a memory ex...
File: asterisk_ast_2017_013.nasl - Type: ACT_GATHER_INFO
2017-12-04 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e91cf90cd6dd11e79d10001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: A telephony application running on the remote host is affected by multiple vu...
File: asterisk_ast_2017_009-011.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_ab04cb0bc53311e78da5001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_be261737c53511e78da5001999f8d30b.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-29.nasl - Type: ACT_GATHER_INFO