Asterisk Asterisknow vulnerabilities
13 known vulnerabilities affecting asterisk/asterisknow.
Total CVEs: 13
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 6, LOW 1
Vulnerabilities
CVE-2008-3264 | HIGH | CVSS 7.8 | CWE-287 | vbeta_5, vbeta_6, +2 more | 2008-07-24
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an
nvd
CVE-2008-1923 | HIGH | CVSS 7.1 | CWE-16 | ≤ 1.0.2, v1.0, +1 more | 2008-04-23
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
nvd
CVE-2008-1897 | MEDIUM | CVSS 4.3 | CWE-287 | ≤ 1.0.2, v1.0, +1 more | 2008-04-23
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK respons
nvd
CVE-2008-1390 | CRITICAL | CVSS 9.3 | CWE-255 | v1.0, vbeta_5, +2 more | 2008-03-24
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack
nvd
CVE-2008-1289 | HIGH | CVSS 7.5 | PoC | CWE-119 | ≤ 1.0.1 | 2008-03-24
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location v
nvd
CVE-2008-1332 | HIGH | CVSS 8.8 | CWE-264 | ≤ 1.0.1, v1.0 | 2008-03-20
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver v
nvd
CVE-2008-0095 | MEDIUM | CVSS 5.0 | PoC | CWE-399 | ≤ beta_6 | 2008-01-08
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header
nvd
CVE-2007-4455 | MEDIUM | CVSS 5.0 | ≤ beta_6 | 2007-08-22
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
nvd
CVE-2007-4280 | LOW | CVSS 3.5 | ≤ beta_6 | 2007-08-09
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message
nvd
CVE-2007-3762 | CRITICAL | CVSS 9.3 | vbeta_5, vbeta_6 | 2007-07-18
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
nvd
CVE-2007-3764 | MEDIUM | CVSS 5.0 | PoC | vbeta_5, vbeta_6 | 2007-07-18
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large mem
nvd
CVE-2007-3765 | MEDIUM | CVSS 5.0 | vbeta_5, vbeta_6 | 2007-07-18
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
nvd
CVE-2007-3763 | MEDIUM | CVSS 5.0 | PoC | vbeta_5, vbeta_6 | 2007-07-18
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, w
nvd