This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:asterisk:open_source |
| Detail | |||
|---|---|---|---|
| Vendor | Asterisk | First view | 2007-12-19 |
| Product | Open Source | Last view | 2017-06-02 |
| Version | Type | Application | |
| Edition | |||
| Language | |||
| Update | |||
Activity : Overall
COMMON PLATFORM ENUMERATION : Repartition per Version
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 5 | 2017-06-02 | CVE-2017-9358 | Network | Low | None Requ... | |
| 5 | 2013-04-01 | CVE-2013-2686 | Network | Low | None Requ... | |
| 7.5 | 2013-04-01 | CVE-2013-2685 | Network | Low | None Requ... | |
| 5 | 2013-04-01 | CVE-2013-2264 | Network | Low | None Requ... | |
| 9 | 2012-08-31 | CVE-2012-2186 | Network | Low | Requires ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 4 | 2012-06-02 | CVE-2012-2948 | Network | Low | Requires ... | |
| 6.5 | 2012-04-30 | CVE-2012-2416 | Network | Low | Requires ... | |
| 6.5 | 2012-04-30 | CVE-2012-2415 | Network | Low | Requires ... | |
| 6.5 | 2012-04-30 | CVE-2012-2414 | Network | Low | Requires ... | |
| 4.3 | 2012-01-25 | CVE-2012-0885 | Network | Medium | None Requ... | |
| 6.8 | 2011-10-21 | CVE-2011-4063 | Network | Low | Requires ... | |
| 7.8 | 2009-09-08 | CVE-2009-2346 | Network | Low | None Requ... | |
| 7.8 | 2009-08-12 | CVE-2009-2726 | Network | Low | None Requ... | |
| 5 | 2009-01-14 | CVE-2009-0041 | Network | Low | None Requ... | |
| 4.3 | 2008-12-17 | CVE-2008-5558 | Network | Medium | None Requ... | |
| 7.8 | 2008-07-24 | CVE-2008-3264 | Network | Low | None Requ... | |
| 4.3 | 2008-06-04 | CVE-2008-2119 | Network | Medium | None Requ... | |
| 7.1 | 2008-04-23 | CVE-2008-1923 | Network | Medium | None Requ... | |
| 4.3 | 2008-04-23 | CVE-2008-1897 | Network | Medium | None Requ... | |
| 7.5 | 2008-03-24 | CVE-2008-1289 | Network | Low | None Requ... | |
| 5.8 | 2008-03-19 | CVE-2008-1333 | Network | Medium | None Requ... | |
| 8.8 | 2008-03-19 | CVE-2008-1332 | Network | Medium | None Requ... | |
| 5 | 2008-01-07 | CVE-2008-0095 | Network | Low | None Requ... | |
| 4.3 | 2007-12-19 | CVE-2007-6430 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 28% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 23% (5) | CWE-287 | Improper Authentication |
| 14% (3) | CWE-399 | Resource Management Errors |
| 9% (2) | CWE-200 | Information Exposure |
| 9% (2) | CWE-20 | Improper Input Validation |
| % | id | Name |
|---|---|---|
| 4% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 4% (1) | CWE-134 | Uncontrolled Format String |
| 4% (1) | CWE-16 | Configuration |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-99 | XML Parser Attack |
| CAPEC-119 | Resource Depletion |
| CAPEC-121 | Locate and Exploit Test APIs |
| id | Name |
|---|---|
| CAPEC-125 | Resource Depletion through Flooding |
| CAPEC-130 | Resource Depletion through Allocation |
| CAPEC-147 | XML Ping of Death |
| CAPEC-197 | XEE (XML Entity Expansion) |
| CAPEC-227 | Denial of Service through Resource Depletion |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
| CAPEC-229 | XML Attribute Blowup |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78482 | Asterisk SRTP Video Stream Negotiation Remote DoS |
| 76784 | Asterisk SIP Channel Driver chan_sip.c Uninitialized Variable Request Parsing... |
| 57762 | Asterisk IAX2 Call Number Resource Exhaustion Remote DoS |
| 56991 | Asterisk Multiple Function Maximum Width Handling Remote DoS |
| 51373 | Asterisk IAX2 User Account Enumeration Weakness |
| id | Description |
|---|---|
| 50675 | Asterisk IAX2 Realtime Hostname Handling User Authentication Remote DoS |
| 47254 | Asterisk IAX2 FWDOWNL Request Spoofing Remote DoS |
| 46014 | Asterisk Pedantic Parsing SIP INVITE Message Handling Remote DoS |
| 44649 | Asterisk Open Source IAX2 Channel Driver (chan_iax2) Spoofed ACK Response Han... |
| 44648 | Asterisk IAX2 Channel Driver (chan_iax2) Spoofed NEW Message Remote DoS |
| 43416 | Asterisk RTP Payload Handling Multiple Remote Overflows |
| 43415 | Asterisk SIP Channel Driver Unauthenticated Call Remote Privilege Escalation |
| 43414 | Asterisk ast_verbose Logging API Manager command Format String |
| 39841 | Asterisk BYE/Also Transfer Method DoS |
| 39519 | Asterisk Host Based Registration Database Security Bypass |
OpenVAS Exploits
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2012-10-03 | Name : Debian Security Advisory DSA 2550-2 (asterisk) File : nvt/deb_2550_2.nasl |
| 2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-15 (asterisk) File : nvt/glsa_201209_15.nasl |
| 2012-09-23 | Name : Debian Security Advisory DSA 2550-1 (asterisk) File : nvt/deb_2550_1.nasl |
| 2012-09-22 | Name : Fedora Update for asterisk FEDORA-2012-13338 File : nvt/gb_fedora_2012_13338_asterisk_fc17.nasl |
| 2012-09-22 | Name : Fedora Update for asterisk FEDORA-2012-13437 File : nvt/gb_fedora_2012_13437_asterisk_fc16.nasl |
| id | Description |
|---|---|
| 2012-08-30 | Name : FreeBSD Ports: asterisk File : nvt/freebsd_asterisk2.nasl |
| 2012-08-30 | Name : Fedora Update for asterisk FEDORA-2012-6704 File : nvt/gb_fedora_2012_6704_asterisk_fc17.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2493-1 (asterisk) File : nvt/deb_2493_1.nasl |
| 2012-08-10 | Name : FreeBSD Ports: asterisk10 File : nvt/freebsd_asterisk10.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-05 (Asterisk) File : nvt/glsa_201206_05.nasl |
| 2012-06-19 | Name : SIP channel driver in Asterisk suffers remote crash vulnerability File : nvt/nopsec_asterisk_ast_2012_006.nasl |
| 2012-05-31 | Name : FreeBSD Ports: asterisk16 File : nvt/freebsd_asterisk161.nasl |
| 2012-05-08 | Name : Fedora Update for asterisk FEDORA-2012-6724 File : nvt/gb_fedora_2012_6724_asterisk_fc15.nasl |
| 2012-05-04 | Name : Fedora Update for asterisk FEDORA-2012-6612 File : nvt/gb_fedora_2012_6612_asterisk_fc16.nasl |
| 2012-04-30 | Name : FreeBSD Ports: asterisk16 File : nvt/freebsd_asterisk160.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2460-1 (asterisk) File : nvt/deb_2460_1.nasl |
| 2012-04-02 | Name : Fedora Update for asterisk FEDORA-2011-14480 File : nvt/gb_fedora_2011_14480_asterisk_fc16.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201202-06 (asterisk) File : nvt/glsa_201202_06.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-21 (Asterisk) File : nvt/glsa_201110_21.nasl |
| 2011-11-11 | Name : Fedora Update for asterisk FEDORA-2011-14538 File : nvt/gb_fedora_2011_14538_asterisk_fc15.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-20 (asterisk) File : nvt/glsa_201006_20.nasl |
| 2009-12-30 | Name : Debian Security Advisory DSA 1952-1 (asterisk) File : nvt/deb_1952_1.nasl |
| 2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12461 (asterisk) File : nvt/fcore_2009_12461.nasl |
| 2009-12-03 | Name : Fedora Core 10 FEDORA-2009-11126 (asterisk) File : nvt/fcore_2009_11126.nasl |
| 2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9374 (asterisk) File : nvt/fcore_2009_9374.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0070 | Multiple Vulnerabilities in Asterisk Products Severity : Category I - VMSKEY : V0037603 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-03-17 | Digium Asterisk SIP channel driver denial of service attempt RuleID : 33445 - Type : PROTOCOL-VOIP - Revision : 2 |
| 2014-01-10 | Digium Asterisk SIP SDP header parsing stack buffer overflow attempt RuleID : 26426 - Type : PROTOCOL-VOIP - Revision : 4 |
| 2014-01-10 | Digium Asterisk SIP SDP header parsing stack buffer overflow attempt RuleID : 26425 - Type : PROTOCOL-VOIP - Revision : 4 |
| 2014-01-10 | Digium Asterisk oversized Content-Length memory corruption attempt RuleID : 25276 - Type : SERVER-OTHER - Revision : 4 |
| 2014-01-10 | Digium Asterisk SCCP keypad button message denial of service attempt RuleID : 24720 - Type : PROTOCOL-VOIP - Revision : 7 |
| Date | Description |
|---|---|
| 2014-01-10 | Digium Asterisk SCCP call state message offhook RuleID : 24719 - Type : PROTOCOL-VOIP - Revision : 8 |
| 2014-01-10 | Digium Asterisk Manager command shell execution attempt RuleID : 23210 - Type : PROTOCOL-VOIP - Revision : 9 |
| 2014-01-10 | Digium Asterisk Manager command shell execution attempt RuleID : 23209 - Type : PROTOCOL-VOIP - Revision : 9 |
| 2014-01-10 | Digium Asterisk IAX2 call number denial of service RuleID : 21608 - Type : PROTOCOL-VOIP - Revision : 4 |
| 2014-01-10 | Digium Asterisk channel driver denial of service attempt RuleID : 21103 - Type : PROTOCOL-VOIP - Revision : 4 |
| 2014-01-10 | Digium Asterisk channel driver denial of service attempt RuleID : 21102 - Type : PROTOCOL-VOIP - Revision : 4 |
| 2014-01-10 | Digium Asterisk channel driver denial of service attempt RuleID : 21101 - Type : PROTOCOL-VOIP - Revision : 7 |
| 2014-01-10 | Digium Asterisk Attribute header rtpmap field buffer overflow attempt RuleID : 20392 - Type : PROTOCOL-VOIP - Revision : 10 |
| 2014-01-10 | Digium Asterisk Attribute header rtpmap field buffer overflow attempt RuleID : 20391 - Type : PROTOCOL-VOIP - Revision : 10 |
| 2014-01-10 | Attribute header rtpmap field invalid payload type RuleID : 20390 - Type : PROTOCOL-VOIP - Revision : 9 |
| 2014-01-10 | Digium Asterisk IAX2 ack response denial of service attempt RuleID : 16445 - Type : PROTOCOL-VOIP - Revision : 11 |
| 2014-01-10 | CSeq buffer overflow attempt RuleID : 16351 - Type : PROTOCOL-VOIP - Revision : 11 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16212 - Type : DOS - Revision : 2 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16211 - Type : DOS - Revision : 2 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16210 - Type : DOS - Revision : 2 |
| 2014-01-10 | Attribute header rtpmap field invalid payload type RuleID : 13693 - Type : PROTOCOL-VOIP - Revision : 12 |
| 2014-01-10 | CSeq buffer overflow attempt RuleID : 11971 - Type : PROTOCOL-VOIP - Revision : 8 |
Nessus® Vulnerability Scanner
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2014-01-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-15.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-140.nasl - Type : ACT_GATHER_INFO |
| 2013-04-10 | Name : A telephony application running on the remote host is affected by a buffer ov... File : asterisk_ast_2013_001.nasl - Type : ACT_GATHER_INFO |
| 2013-04-10 | Name : A telephony application running on the remote host is affected by a denial of... File : asterisk_ast_2013_002.nasl - Type : ACT_GATHER_INFO |
| 2013-04-10 | Name : A telephony application running on the remote host is affected by an informat... File : asterisk_ast_2013_003.nasl - Type : ACT_GATHER_INFO |
| id | Description |
|---|---|
| 2013-04-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4528.nasl - Type : ACT_GATHER_INFO |
| 2013-04-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4566.nasl - Type : ACT_GATHER_INFO |
| 2013-04-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_daf0a339985011e2879ed43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-15.nasl - Type : ACT_GATHER_INFO |
| 2012-09-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2550.nasl - Type : ACT_GATHER_INFO |
| 2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13286.nasl - Type : ACT_GATHER_INFO |
| 2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13338.nasl - Type : ACT_GATHER_INFO |
| 2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13437.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : A telephony application running on the remote host is affected by a security ... File : asterisk_ast_2012_012.nasl - Type : ACT_GATHER_INFO |
| 2012-08-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4c53f007f2ed11e1a21514dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
| 2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2493.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-05.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : A telephony application running on the remote host is affected by a denial of... File : asterisk_ast_2012_008.nasl - Type : ACT_GATHER_INFO |
| 2012-05-30 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_359f615da9e111e18a6614dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6704.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6724.nasl - Type : ACT_GATHER_INFO |
| 2012-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6612.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : A telephony application running on the remote host is affected by a privilege... File : asterisk_ast_2012_004.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : A telephony application running on the remote host is affected by a heap-base... File : asterisk_ast_2012_005.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : A telephony application running on the remote host is affected by a denial of... File : asterisk_ast_2012_006.nasl - Type : ACT_GATHER_INFO |
