Vulnerabilities > Sangoma > Asterisk > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-49215 Path Traversal vulnerability in Sangoma Asterisk and Certified Asterisk
An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5.
local
low complexity
sangoma CWE-22
7.8
2022-12-05 CVE-2022-37325 Out-of-bounds Write vulnerability in Sangoma Asterisk
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
network
low complexity
sangoma CWE-787
7.5
2019-10-29 CVE-2009-3723 Incorrect Authorization vulnerability in multiple products
asterisk allows calls on prohibited networks
network
low complexity
sangoma debian CWE-863
7.5
2017-06-02 CVE-2017-9358 Infinite Loop vulnerability in multiple products
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
network
low complexity
sangoma asterisk CWE-835
7.5