Digium Certified Asterisk 13.21.0 Cert2

CPE Details

Digium Certified Asterisk 13.21.0 Cert2
digium
certified_asterisk
13.21.0
2019-12-09
15h21 +00:00
2019-12-09
15h21 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*

Informations

Vendor

digium

Product

certified_asterisk

Version

13.21.0

Update

cert2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-18610 2019-11-22 16h31 +00:00 An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
8.8
Haute
CVE-2019-18790 2019-11-22 15h22 +00:00 An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
6.5
Moyen