CPE-C30815FD-F41D-46D5-83B0-C7BA98413C33 Détail

CPE Details

Sangoma Certified Asterisk 18.9 Cert2

Vendor

sangoma

Product

certified_asterisk

Version

18.9

Created

2022-12-07
14h39 +00:00

Modifié

2023-08-18
15h16 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2::::::

Informations

Vendor

sangoma

Product

certified_asterisk

Version

18.9

Update

cert2

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2023-49786	2023-12-14 19h47 +00:00	Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.	7.5	Haute
CVE-2023-37457	2023-12-14 19h43 +00:00	Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.	8.2	Haute
CVE-2023-49294	2023-12-14 19h40 +00:00	Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.	7.5	Haute
CVE-2022-42705	2022-12-04 23h00 +00:00	A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.	6.5	Moyen

Sangoma Certified Asterisk 18.9 Cert2

CPE Details

CPE Name: cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2::::::