The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Asterisk Open Source

vulnerability note CVE-2019-13161

Asterisk: denial of service via chan_sip

Synthesis of the vulnerability

An attacker can trigger a fatal error via chan_sip of Asterisk, in order to trigger a denial of service.
Impacted products: Asterisk Open Source.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 12/07/2019.
Identifiers: AST-2019-003, CERTFR-2019-AVI-329, CVE-2019-13161, VIGILANCE-VUL-29754.

vulnerability bulletin CVE-2019-12827

Asterisk: denial of service via MESSAGE

Synthesis of the vulnerability

An attacker can trigger a fatal error via MESSAGE of Asterisk, in order to trigger a denial of service.
Impacted products: Asterisk Open Source.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 12/07/2019.
Identifiers: AST-2019-002, CERTFR-2019-AVI-329, CVE-2019-12827, VIGILANCE-VUL-29753.

computer vulnerability bulletin CVE-2019-7251

Asterisk: denial of service via SDP

Synthesis of the vulnerability

An attacker can trigger a fatal error via SDP of Asterisk, in order to trigger a denial of service.
Impacted products: Asterisk Open Source.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 01/03/2019.
Identifiers: AST-2019-001, CERTFR-2019-AVI-085, CVE-2019-7251, VIGILANCE-VUL-28628.

vulnerability alert CVE-2018-19278

Asterisk: denial of service via DNS-SRV/NAPTR Lookups

Synthesis of the vulnerability

An attacker can generate a fatal error via DNS-SRV/NAPTR Lookups of Asterisk, in order to trigger a denial of service.
Impacted products: Asterisk Open Source.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 15/11/2018.
Identifiers: AST-2018-010, CERTFR-2018-AVI-556, CVE-2018-19278, VIGILANCE-VUL-27791.

computer vulnerability bulletin CVE-2018-17281

Asterisk: denial of service via res_http_websocket.so

Synthesis of the vulnerability

An attacker can generate a fatal error via res_http_websocket.so of Asterisk, in order to trigger a denial of service.
Impacted products: Asterisk Open Source, Debian.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 21/09/2018.
Identifiers: AST-2018-009, CERTFR-2018-AVI-452, CVE-2018-17281, DLA-1523-1, DSA-4320-1, VIGILANCE-VUL-27278.

vulnerability bulletin CVE-2018-12227

Asterisk: information disclosure via PJSIP Endpoint Presence

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via PJSIP Endpoint Presence of Asterisk, in order to obtain sensitive information.
Impacted products: Asterisk Open Source, Debian.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 12/06/2018.
Identifiers: AST-2018-008, CERTFR-2018-AVI-276, CVE-2018-12227, DSA-4320-1, VIGILANCE-VUL-26373.

vulnerability announcement CVE-2018-12228

Asterisk: infinite loop via iostreams

Synthesis of the vulnerability

An attacker can generate an infinite loop via iostreams of Asterisk, in order to trigger a denial of service.
Impacted products: Asterisk Open Source.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 12/06/2018.
Identifiers: AST-2018-007, CERTFR-2018-AVI-276, CVE-2018-12228, VIGILANCE-VUL-26372.

computer vulnerability CVE-2018-1000098 CVE-2018-1000099 CVE-2018-7284

Asterisk: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Asterisk.
Impacted products: Asterisk Open Source, Debian.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 22/02/2018.
Revision date: 27/02/2018.
Identifiers: AST-2018-001, AST-2018-002, AST-2018-003, AST-2018-004, AST-2018-005, AST-2018-006, CERTFR-2018-AVI-097, CVE-2018-1000098, CVE-2018-1000099, CVE-2018-7284, CVE-2018-7285, CVE-2018-7286, CVE-2018-7287, DSA-4170-1, DSA-4320-1, VIGILANCE-VUL-25345.

computer vulnerability CVE-2017-17090

Asterisk: denial of service via chan_skinny

Synthesis of the vulnerability

An attacker can generate a fatal error via chan_skinny of Asterisk, in order to trigger a denial of service.
Impacted products: Asterisk Open Source, Debian, Fedora.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 04/12/2017.
Revision date: 08/02/2018.
Identifiers: AST-2017-013, CERTFR-2017-AVI-443, CVE-2017-17090, DLA-1225-1, DSA-4076-1, FEDORA-2017-66e9367f7e, VIGILANCE-VUL-24615.

computer vulnerability CVE-2017-17850

Asterisk: denial of service via PJSIP Resource

Synthesis of the vulnerability

An attacker can generate a fatal error via PJSIP Resource of Asterisk, in order to trigger a denial of service.
Impacted products: Asterisk Open Source, Fedora.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 28/12/2017.
Identifiers: AST-2017-014, CERTFR-2017-AVI-483, CVE-2017-17850, FEDORA-2017-41242dfe10, VIGILANCE-VUL-24885.
