Vulnerabilities > Sangoma > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-49215 Path Traversal vulnerability in Sangoma Asterisk and Certified Asterisk
An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5.
local
low complexity
sangoma CWE-22
7.8
2023-12-14 CVE-2023-37457 Classic Buffer Overflow vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-120
8.2
2023-12-14 CVE-2023-49294 Path Traversal vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-22
7.5
2023-11-02 CVE-2023-43336 Unspecified vulnerability in Sangoma Freepbx
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
network
low complexity
sangoma
8.8
2023-04-26 CVE-2023-26567 Insufficiently Protected Credentials vulnerability in Sangoma Freepbx Linux 7
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables.
network
low complexity
sangoma CWE-522
8.1
2022-12-05 CVE-2022-37325 Out-of-bounds Write vulnerability in Sangoma Asterisk
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
network
low complexity
sangoma CWE-787
7.5
2020-03-16 CVE-2019-19538 Unspecified vulnerability in Sangoma Freepbx
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
network
low complexity
sangoma
7.2
2019-10-29 CVE-2009-3723 Incorrect Authorization vulnerability in multiple products
asterisk allows calls on prohibited networks
network
low complexity
sangoma debian CWE-863
7.5
2018-01-29 CVE-2018-6393 SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter.
network
low complexity
sangoma CWE-89
7.2
2017-06-02 CVE-2017-9358 Infinite Loop vulnerability in multiple products
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
network
low complexity
sangoma asterisk CWE-835
7.5