This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary
CPE Name: cpe:/a:digium:asterisk:1.2.20
Detail
Vendor: Digium | First view: 2007-07-31
Product: Asterisk | Last view: 2018-02-21
Version: 1.2.20 | Type: Application
Edition:
Language:
Update:

CPE Product: cpe:/a:digium:asterisk

Activity : Overall

Related : CVE

Score | Date | Alert | Access Vector | Access Complexity | Authentication
5 | 2018-02-21 | CVE-2018-7284 | Network | Low | None Requ...
5 | 2017-12-01 | CVE-2017-17090 | Network | Low | None Requ...
9 | 2014-11-24 | CVE-2014-8418 | Network | Low | Requires ...
6.5 | 2014-11-24 | CVE-2014-8417 | Network | Low | Requires ...
5 | 2014-11-24 | CVE-2014-8416 | Network | Low | None Requ...
5 | 2014-11-24 | CVE-2014-8415 | Network | Low | None Requ...
5 | 2014-11-24 | CVE-2014-8414 | Network | Low | None Requ...
7.5 | 2014-11-24 | CVE-2014-8413 | Network | Low | None Requ...
5 | 2014-11-24 | CVE-2014-8412 | Network | Low | None Requ...
4.3 | 2014-06-17 | CVE-2014-4048 | Network | Medium | None Requ...
4.3 | 2013-01-04 | CVE-2012-5977 | Network | Medium | None Requ...
5 | 2013-01-04 | CVE-2012-5976 | Network | Low | None Requ...
6 | 2011-01-20 | CVE-2011-0495 | Network | Medium | Requires ...
5 | 2010-02-23 | CVE-2010-0685 | Network | Low | None Requ...
5 | 2009-12-02 | CVE-2009-4055 | Network | Low | None Requ...
5 | 2009-11-10 | CVE-2009-3727 | Network | Low | None Requ...
6.5 | 2007-11-29 | CVE-2007-6170 | Network | Low | Requires ...
6.8 | 2007-10-12 | CVE-2007-5358 | Network | Medium | None Requ...
7.8 | 2007-07-31 | CVE-2007-4103 | Network | Low | None Requ...

CWE : Common Weakness Enumeration

% | id | Name
33% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer
26% (4) | CWE-264 | Permissions, Privileges, and Access Controls
13% (2) | CWE-399 | Resource Management Errors
13% (2) | CWE-20 | Improper Input Validation
6% (1) | CWE-200 | Information Exposure
6% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('...

CAPEC : Common Attack Pattern Enumeration & Classification

id | Name
CAPEC-2 | Inducing Account Lockout
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 | XML Ping of Death
CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message

Oval Markup Language : Definitions

OvalID | Name
oval:org.mitre.oval:def:12470 | DSA-2171-1 asterisk -- buffer overflow
oval:org.mitre.oval:def:18564 | DSA-2605-1 asterisk - several issues
oval:org.mitre.oval:def:28902 | DSA-2605-2 -- asterisk -- several issues
oval:org.mitre.oval:def:18041 | DSA-1417-1 asterisk - SQL injection

Open Source Vulnerability Database (OSVDB)

id | Description
70518 | Asterisk main/utils.c ast_uri_encode() Function Caller ID Information Overflow
62451 | Asterisk Dialplan Wildcard Pattern Configuration Manipulation
60569 | Asterisk rtp.c RTP Comfort Noise Payload Remote DoS
59697 | Asterisk SIP REGISTER Response Username Enumeration Weakness
38932 | Asterisk Call Detail Record Postgres Multiple Strings SQL Injection
38202 | Asterisk IMAP Voicemail Backend Crafted Fields Local Overflow
38201 | Asterisk IMAP Voicemail Backend Crafted Content Header Remote Overflow
38197 | Asterisk IAX2 Channel Driver (chan_iax2) Incomplete Connection Saturation Rem...

OpenVAS Exploits

id | Description
2011-03-09 | Name : Debian Security Advisory DSA 2171-1 (asterisk)
           | File : nvt/deb_2171_1.nasl
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-20 (asterisk)
           | File : nvt/glsa_201006_20.nasl
2011-02-04 | Name : Fedora Update for asterisk FEDORA-2011-0774
           | File : nvt/gb_fedora_2011_0774_asterisk_fc14.nasl
2011-02-04 | Name : Fedora Update for asterisk FEDORA-2011-0794
           | File : nvt/gb_fedora_2011_0794_asterisk_fc13.nasl
2010-04-06 | Name : Fedora Update for asterisk FEDORA-2010-3381
           | File : nvt/gb_fedora_2010_3381_asterisk_fc12.nasl
2010-03-31 | Name : Fedora Update for asterisk FEDORA-2010-3724
           | File : nvt/gb_fedora_2010_3724_asterisk_fc11.nasl
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-12506 (asterisk)
           | File : nvt/fcore_2009_12506.nasl
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12517 (asterisk)
           | File : nvt/fcore_2009_12517.nasl
2009-12-30 | Name : Debian Security Advisory DSA 1952-1 (asterisk)
           | File : nvt/deb_1952_1.nasl
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12461 (asterisk)
           | File : nvt/fcore_2009_12461.nasl
2009-12-01 | Name : Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
           | File : nvt/asterisk_37153.nasl
2009-11-10 | Name : Asterisk SIP Response Username Enumeration Remote Information Disclosure Vuln...
           | File : nvt/asterisk_36924.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200802-11 (asterisk)
           | File : nvt/glsa_200802_11.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-13 (asterisk)
           | File : nvt/glsa_200804_13.nasl
2008-01-17 | Name : Debian Security Advisory DSA 1417-1 (asterisk)
           | File : nvt/deb_1417_1.nasl

Information Assurance Vulnerability Management (IAVM)

id | Description
2014-A-0085 | Multiple Vulnerabilities in Asterisk Products
            | Severity : Category I - VMSKEY : V0052633

Snort® IPS/IDS

Date | Description
2014-01-10 | Digium Asterisk oversized Content-Length memory corruption attempt
           | RuleID : 25276 - Type : SERVER-OTHER - Revision : 4
2014-01-10 | Digium Asterisk RTP comfort noise denial of service attempt
           | RuleID : 24270 - Type : PROTOCOL-VOIP - Revision : 3

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description
2018-10-17 | Name : The remote Debian host is missing a security-related update.
           | File : debian_DSA-4320.nasl - Type : ACT_GATHER_INFO
2018-03-02 | Name : A telephony application running on the remote host is affected by multiple vu...
           | File : asterisk_ast_2018_001-006.nasl - Type : ACT_GATHER_INFO
2018-03-02 | Name : A telephony application running on the remote host is affected by a Subscribe...
           | File : asterisk_ast_2018_002-005.nasl - Type : ACT_GATHER_INFO
2018-02-23 | Name : The remote FreeBSD host is missing a security-related update.
           | File : freebsd_pkg_933654ce17b811e890b8001999f8d30b.nasl - Type : ACT_GATHER_INFO
2018-01-15 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2017-66e9367f7e.nasl - Type : ACT_GATHER_INFO
2018-01-02 | Name : The remote Debian host is missing a security update.
           | File : debian_DLA-1225.nasl - Type : ACT_GATHER_INFO
2018-01-02 | Name : The remote Debian host is missing a security-related update.
           | File : debian_DSA-4076.nasl - Type : ACT_GATHER_INFO
2017-12-06 | Name : A telephony application running on the remote host is affected by a memory ex...
           | File : asterisk_ast_2017_013.nasl - Type : ACT_GATHER_INFO
2017-12-04 | Name : The remote FreeBSD host is missing a security-related update.
           | File : freebsd_pkg_e91cf90cd6dd11e79d10001999f8d30b.nasl - Type : ACT_GATHER_INFO
2016-05-04 | Name : The remote Debian host is missing a security update.
           | File : debian_DLA-455.nasl - Type : ACT_GATHER_INFO
2014-12-29 | Name : The remote Gentoo host is missing one or more security-related patches.
           | File : gentoo_GLSA-201412-51.nasl - Type : ACT_GATHER_INFO
2014-11-25 | Name : A telephony application running on the remote host is affected by multiple vu...
           | File : asterisk_ast_2014_012.nasl - Type : ACT_GATHER_INFO
2014-11-25 | Name : A telephony application running on the remote host is affected by multiple vu...
           | File : asterisk_ast_2014_013.nasl - Type : ACT_GATHER_INFO
2014-11-25 | Name : A telephony application running on the remote host is affected by a denial of...
           | File : asterisk_ast_2014_014.nasl - Type : ACT_GATHER_INFO
2014-11-25 | Name : A telephony application running on the remote host is affected by a privilege...
           | File : asterisk_ast_2014_017.nasl - Type : ACT_GATHER_INFO
2014-11-24 | Name : The remote FreeBSD host is missing a security-related update.
           | File : freebsd_pkg_7bfd797c716d11e4b008001999f8d30b.nasl - Type : ACT_GATHER_INFO
2014-11-24 | Name : The remote FreeBSD host is missing one or more security-related updates.
           | File : freebsd_pkg_a92ed304716c11e4b008001999f8d30b.nasl - Type : ACT_GATHER_INFO
2014-06-17 | Name : A telephony application running on the remote host is affected by multiple de...
           | File : asterisk_ast_2014_008.nasl - Type : ACT_GATHER_INFO
2014-01-21 | Name : The remote Gentoo host is missing one or more security-related patches.
           | File : gentoo_GLSA-201401-15.nasl - Type : ACT_GATHER_INFO
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates.
           | File : mandriva_MDVSA-2013-140.nasl - Type : ACT_GATHER_INFO
2013-02-20 | Name : A telephony application running on the remote host is affected by multiple vu...
           | File : asterisk_ast_2012_015.nasl - Type : ACT_GATHER_INFO
2013-01-31 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2013-0992.nasl - Type : ACT_GATHER_INFO
2013-01-31 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2013-0994.nasl - Type : ACT_GATHER_INFO
2013-01-31 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2013-1003.nasl - Type : ACT_GATHER_INFO
2013-01-14 | Name : The remote Debian host is missing a security-related update.
           | File : debian_DSA-2605.nasl - Type : ACT_GATHER_INFO