MEDIUM🇵🇱 Wersja polska

CVE-2024-35190

CVSS 5.8v3.1pub. 2024-05-17upd. 2025-08-26

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • Sangoma Asterisk

    APP
    Sangoma
    18.23.020.8.021.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-57520CRITICAL9.8PL ✓ten sam produkt

Insecure Permissions w Sangoma Asterisk v22 — tworzenie plików poza katalogiem aplikacji

CVE-2022-21723CRITICAL9.1ten sam produkt

PJSIP is a free and open source multimedia communication library written in C language implementing standard b...

CVE-2025-1131HIGH7.0ten sam produkt

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolk...

CVE-2025-57767HIGH7.5ten sam produkt

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, ...

CVE-2025-47779HIGH7.7ten sam produkt

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4...