
Sangoma Asterisk vulnerabilities

27 known vulnerabilities affecting sangoma/asterisk.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 8, MEDIUM 14

Vulnerabilities

Page 1 of 2

Each entry lists: CVE | priority | severity | CVSS | affected or fixed version ranges | date, followed by the CWE and description and the sources the record was drawn from.
CVE-2021-37706 | P2 | CRITICAL | CVSS 9.8 | ≥ 16.0.0, < 16.24.1; ≥ 18.0.0, < 18.10.1; +1 more | 2021-12-22
CWE-191. PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting
Sources: NVD, OSV
CVE-2026-23741 | P2 | HIGH | CVSS 8.8 | fixed in 20.18.2; ≥ 21.0.0, < 21.12.1; +2 more | 2026-02-06
CWE-427. Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which reside
Sources: NVD
CVE-2022-21723 | P3 | CRITICAL | CVSS 9.1 | ≥ 16.0.0, < 16.24.1; ≥ 18.0.0, < 18.10.1; +1 more | 2022-01-27
CWE-125. PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users
Sources: NVD, OSV
CVE-2022-23608 | P3 | CRITICAL | CVSS 9.8 | ≥ 16.0.0, < 16.24.1; ≥ 18.0.0, < 18.10.1; +1 more | 2022-02-22
CWE-416. PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dia
Sources: NVD, OSV
CVE-2012-2186 | P3 | CRITICAL | CVSS 9.0 | ≤ 1.8.15.0; ≤ 10.7.0 | 2012-08-31
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by l
Sources: NVD, OSV
CVE-2024-57520 | P3 | CRITICAL | CVSS 9.8 | ≥ 22.0.0, ≤ 22.5.1 | 2025-02-05
CWE-732. Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privil
Sources: NVD
CVE-2025-1131 | P3 | HIGH | CVSS 7.8 | fixed in 18.26.3; ≥ 20.0.0, < 20.15.1; +2 more | 2025-09-23
CWE-427. A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitima
Sources: NVD
CVE-2025-47780 | P3 | HIGH | CVSS 7.8 | fixed in 18.26.2; ≥ 20.0.0, < 20.14.1; +2 more | 2025-05-22
CWE-78. Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`)
Sources: NVD
CVE-2026-23740 | P3 | HIGH | CVSS 7.8 | fixed in 20.18.2; ≥ 21.0.0, < 21.12.1; +2 more | 2026-02-06
CWE-427. Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission (which is all users on a Linux system) to that directory can ca
Sources: NVD
CVE-2025-57767 | P3 | HIGH | CVSS 7.5 | fixed in 20.15.2; ≥ 21.0.0, < 21.10.2; +1 more | 2025-08-28
CWE-253. Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 40
Sources: NVD
CVE-2025-49832 | P3 | MEDIUM | CVSS 6.5 | fixed in 18.26.3; ≥ 20.0.0, < 20.15.1; +2 more | 2025-08-01
CWE-476. Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken/verification.c` that can be exploited when an attacker can set an arbitrary Ide
Sources: NVD
CVE-2017-9358 | P3 | HIGH | CVSS 7.5 | v13.0.0; v13.1.0; +24 more | 2017-06-02
CWE-835. A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Sources: NVD, OSV
CVE-2018-12228 | P3 | MEDIUM | CVSS 6.5 | ≥ 15.0, < 15.4.1 | 2018-06-12
CWE-835. An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
Sources: NVD
CVE-2025-47779 | P3 | MEDIUM | CVSS 6.5 | fixed in 18.26.2; ≥ 20.0.0, < 20.14.1; +2 more | 2025-05-22
CWE-140. Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages
Sources: NVD
CVE-2026-23739 | P3 | MEDIUM | CVSS 6.5 | fixed in 20.18.2; ≥ 21.0.0, < 21.12.1; +2 more | 2026-02-06
CWE-611. Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARS
Sources: NVD
CVE-2022-37325 | P3 | HIGH | CVSS 7.5 | ≥ 16.0.0, < 16.29.1; ≥ 18.0.0, < 18.15.1; +2 more | 2022-12-05
CWE-787. In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
Sources: NVD, OSV
CVE-2020-28242 | P3 | MEDIUM | CVSS 6.5 | ≥ 13.0, < 13.37.1; ≥ 16.0, < 16.14.1; +2 more | 2020-11-06
CWE-674. An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume mor
Sources: NVD, OSV
CVE-2025-54995 | P3 | MEDIUM | CVSS 6.5 | fixed in 18.26.4 | 2025-08-28
CWE-400. Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
Sources: NVD
CVE-2022-42705 | P4 | MEDIUM | CVSS 6.5 | ≥ 16.0.0, < 16.29.1; ≥ 18.14.0, < 18.15.1; +2 more | 2022-12-05
CWE-416. A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.
Sources: NVD, OSV
CVE-2009-2346 | P4 | HIGH | CVSS 7.8 | v1.6.1; v1.6.1.4 | 2009-09-08
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiatin
Sources: NVD, OSV