Vulnerabilities > Digium > Asterisk > 11.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-12 | CVE-2016-9938 | Improper Authorization vulnerability in Digium Asterisk and Certified Asterisk An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. | 5.0 |
2014-11-24 | CVE-2014-8418 | Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. | 9.0 |
2014-11-24 | CVE-2014-8417 | Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action. | 6.5 |
2014-11-24 | CVE-2014-8412 | Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry. | 5.0 |
2014-06-17 | CVE-2014-4048 | Denial of Service vulnerability in Asterisk PJSIP Channel Driver The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout. network digium | 4.3 |