Vulnerabilities > Asterisk > Open Source > 1.6.2.17

DATE | CVE | VULNERABILITY TITLE | RISK

2012-04-30 | CVE-2012-2416 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Asterisk Open Source | 6.5
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.
network | low complexity | asterisk | CWE-119

2012-04-30 | CVE-2012-2415 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Asterisk Open Source | 6.5
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
network | low complexity | asterisk | CWE-119

2012-04-30 | CVE-2012-2414 | Improper Authentication vulnerability in Asterisk Open Source | 6.5
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
network | low complexity | asterisk | CWE-287