Vulnerabilities in asterisk

17 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2023-49294 | MEDIUM | Asterisk Path Traversal vulnerability | 45.3% |
| CVE-2023-49786 | HIGH | Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation | 5.3% |
| CVE-2024-42365 | HIGH | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan | 4.7% |
| CVE-2009-3723 | | asterisk allows calls on prohibited networks | 1.2% |
| CVE-2023-37457 | HIGH | Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update' | 1.1% |
| CVE-2024-35190 | MEDIUM | Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests | 0.6% |
| CVE-2024-42491 | MEDIUM | A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used | 0.5% |
| CVE-2025-54995 | MEDIUM | Asterisk remotely exploitable leak of RTP UDP ports and internal resources | 0.4% |
| CVE-2025-49832 | MEDIUM | Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation | 0.4% |
| CVE-2025-47779 | HIGH | Using malformed From header can forge identity with ";" or NULL in name portion | 0.4% |
| CVE-2025-57767 | HIGH | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request | 0.4% |
| CVE-2025-47780 | MEDIUM | cli_permissions.conf: deny option does not work for disallowing shell commands | 0.2% |
| CVE-2025-1131 | HIGH | Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation | 0.2% |
| CVE-2026-23739 | LOW | Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection | 0.2% |
| CVE-2026-23741 | NONE | ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation | 0.2% |
| CVE-2026-23738 | LOW | The Asterisk embedded web server 's /httpstatus page echos user supplied values(cookie and query string) without sanitization | 0.2% |
| CVE-2026-23740 | NONE | Asterisk vulnerable to potential privilege escalation | 0.1% |