| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-5977 |
119 |
|
DoS Overflow |
2013-01-04 |
2013-02-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. |
|
2 |
CVE-2012-5976 |
119 |
|
DoS Overflow |
2013-01-04 |
2013-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. |
|
3 |
CVE-2012-4737 |
264 |
|
Bypass |
2012-08-31 |
2013-04-18 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. |
|
4 |
CVE-2012-3863 |
399 |
|
DoS |
2012-07-09 |
2013-04-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. |
|
5 |
CVE-2012-3812 |
399 |
|
DoS |
2012-07-09 |
2013-04-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. |
|
6 |
CVE-2012-2947 |
16 |
|
DoS |
2012-06-02 |
2012-08-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. |
|
7 |
CVE-2012-1184 |
119 |
|
DoS Exec Code Overflow |
2012-09-18 |
2012-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header. |
|
8 |
CVE-2012-1183 |
119 |
|
DoS Overflow |
2012-09-18 |
2012-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet. |
|
9 |
CVE-2011-4598 |
200 |
|
DoS +Info |
2011-12-14 |
2012-08-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests. |
|
10 |
CVE-2011-4597 |
200 |
|
+Info |
2011-12-14 |
2012-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. |
|
11 |
CVE-2011-2665 |
|
|
DoS |
2011-07-06 |
2011-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character. |
|
12 |
CVE-2011-2536 |
200 |
|
+Info |
2011-07-06 |
2011-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. |
|
13 |
CVE-2011-2535 |
20 |
|
DoS |
2011-07-06 |
2011-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. |
|
14 |
CVE-2011-2529 |
119 |
|
DoS Overflow Mem. Corr. |
2011-07-06 |
2011-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. |
|
15 |
CVE-2011-2216 |
|
|
DoS |
2011-06-06 |
2011-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header. |
|
16 |
CVE-2011-1599 |
20 |
|
Exec Code |
2011-04-26 |
2011-09-06 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. |
|
17 |
CVE-2011-1507 |
399 |
|
DoS |
2011-04-26 |
2011-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections. |
|
18 |
CVE-2011-1175 |
|
|
DoS |
2011-03-31 |
2011-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API. |
|
19 |
CVE-2011-1174 |
399 |
|
DoS |
2011-03-31 |
2011-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data. |
|
20 |
CVE-2011-1147 |
119 |
|
DoS Exec Code Overflow |
2011-03-15 |
2011-08-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet. |
