CVE-2024-35190

Опубликовано: 17 мая 2024

Источник: nvd

CVSS3: 5.8

CVSS3: 5.3

EPSS Низкий

Описание

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Ссылки

https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
Patch
https://github.com/asterisk/asterisk/pull/600
Issue Tracking
Patch
https://github.com/asterisk/asterisk/pull/602
Issue Tracking
Patch
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
Exploit
Vendor Advisory
https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
Patch
https://github.com/asterisk/asterisk/pull/600
Issue Tracking
Patch
https://github.com/asterisk/asterisk/pull/602
Issue Tracking
Patch
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sangoma:asterisk:18.23.0:*:*:*:*:*:*:*

cpe:2.3:a:sangoma:asterisk:20.8.0:*:*:*:*:*:*:*

cpe:2.3:a:sangoma:asterisk:21.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00332

Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-303

Связанные уязвимости

CVE-2024-35190

CVSS3: 5.8

ubuntu

больше 1 года назад

CVE-2024-35190

CVSS3: 5.8

debian

больше 1 года назад

Asterisk is an open source private branch exchange and telephony toolk ...

EPSS

Процентиль: 56%

0.00332

Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-303