Known Vulnerabilities for Asterisk by Digium
Listed below are 10 of the newest known vulnerabilities associated with "Asterisk" by "Digium".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-32558 | An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.... | 7.5 - HIGH | 2021-07-30 | 2021-11-28 |
| CVE-2021-31878 | An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be re... | 6.5 - MEDIUM | 2021-07-30 | 2021-08-07 |
| CVE-2021-26906 | An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x... | 5.9 - MEDIUM | 2021-02-18 | 2021-02-24 |
| CVE-2021-26717 | An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Ast... | 7.5 - HIGH | 2021-02-18 | 2021-02-24 |
| CVE-2021-26713 | A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 1... | 6.5 - MEDIUM | 2021-02-19 | 2021-02-26 |
| CVE-2021-26712 | Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-... | 7.5 - HIGH | 2021-02-18 | 2021-02-24 |
| CVE-2020-35776 | A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote at... | 6.5 - MEDIUM | 2021-02-18 | 2021-02-24 |
| CVE-2020-35652 | An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x b... | 6.5 - MEDIUM | 2021-01-29 | 2021-02-04 |
| CVE-2019-12827 | Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows re... | 6.5 - MEDIUM | 2019-07-12 | 2021-07-21 |
| CVE-2019-7251 | An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlie... | 6.5 - MEDIUM | 2019-03-28 | 2019-04-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Digium | Asterisk | c.3.7.5 | - | business | All |
| Application | Digium | Asterisk | c.3.6.4 | - | business | All |
| Application | Digium | Asterisk | c.3.6.3 | - | business | All |
| Application | Digium | Asterisk | c.3.6.2 | - | business | All |
| Application | Digium | Asterisk | c.3.3.2 | - | business | All |
| Application | Digium | Asterisk | c.3.2.3 | - | business | All |
| Application | Digium | Asterisk | c.3.2.2 | - | business | All |
| Application | Digium | Asterisk | c.3.1.1 | - | business | All |
| Application | Digium | Asterisk | c.3.1.0 | - | business | All |
| Application | Digium | Asterisk | c.3.0 | - | business | All |
| Application | Digium | Asterisk | c.2.3 | - | business | All |
| Application | Digium | Asterisk | c.1.8.1 | - | business | All |
| Application | Digium | Asterisk | c.1.8.0 | - | business | All |
| Application | Digium | Asterisk | c.1.6.2 | - | business | All |
| Application | Digium | Asterisk | c.1.6.1 | - | business | All |
| Application | Digium | Asterisk | c.1.6 | - | business | All |
| Application | Digium | Asterisk | c.1.0_beta5 | All | All | All |
| Application | Digium | Asterisk | c.1.0 | beta8 | business | All |
| Application | Digium | Asterisk | c.1.0 | beta7 | business | All |
| Application | Digium | Asterisk | c | - | business | All |