Known Vulnerabilities for products from Digium
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Digium".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Digium can be found at device.report : Digium
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-26651 json | An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides po... | 9.8 - CRITICAL | 2022-04-15 | 2023-02-02 |
| CVE-2022-26499 json | An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such... | 9.1 - CRITICAL | 2022-04-15 | 2023-02-02 |
| CVE-2022-26498 json | An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certi... | 7.5 - HIGH | 2022-04-15 | 2023-05-04 |
| CVE-2021-46837 json | res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk bef... | 6.5 - MEDIUM | 2022-08-30 | 2023-01-28 |
| CVE-2021-32558 json | An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.... | 7.5 - HIGH | 2021-07-30 | 2021-11-28 |
| CVE-2021-31878 json | An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be re... | 6.5 - MEDIUM | 2021-07-30 | 2021-08-07 |
| CVE-2021-26906 json | An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x... | 5.9 - MEDIUM | 2021-02-18 | 2021-02-24 |
| CVE-2021-26717 json | An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Ast... | 7.5 - HIGH | 2021-02-18 | 2021-02-24 |
| CVE-2021-26713 json | A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 1... | 6.5 - MEDIUM | 2021-02-19 | 2021-02-26 |
| CVE-2021-26712 json | Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-... | 7.5 - HIGH | 2021-02-18 | 2021-02-24 |
| CVE-2020-35776 json | A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote at... | 6.5 - MEDIUM | 2021-02-18 | 2021-02-24 |
| CVE-2020-35652 json | An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x b... | 6.5 - MEDIUM | 2021-01-29 | 2021-02-04 |
| CVE-2020-28327 json | A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1... | 5.3 - MEDIUM | 2020-11-06 | 2020-11-20 |
| CVE-2019-18976 json | An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it rec... | 7.5 - HIGH | 2019-11-22 | 2022-06-03 |
| CVE-2019-18790 json | An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 1... | 6.5 - MEDIUM | 2019-11-22 | 2022-05-13 |
| CVE-2019-18610 json | An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-... | 8.8 - HIGH | 2019-11-22 | 2022-06-03 |
| CVE-2019-18351 json | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-18790. Reason: This candidate is a duplicate of CVE-2019-... | Not Provided | 2021-03-05 | 2023-11-07 |
| CVE-2019-15639 json | main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call ... | 7.5 - HIGH | 2019-09-09 | 2019-09-10 |
| CVE-2019-15297 json | res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined... | 6.5 - MEDIUM | 2019-09-09 | 2022-08-30 |
| CVE-2019-13161 json | An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and C... | 5.3 - MEDIUM | 2019-07-12 | 2022-06-01 |
Known software with vulnerabilities from Digium
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Digium | Asterisk | 0.1.0 |
| Application | Digium | Asterisknow | 1.5 |
| Application | Digium | Asterisk Gui | 2.1.0 |
| Application | Digium | Certified Asterisk | 0.1.0 |
| Hardware | Digium | S800i | - |
| Operating System | Digium | S800i Firmware | 1.2.0 |