Vulnerability in Digium Asterisk
CVE-2016-2232
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized p…
EPSS: 0.079 (92.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Digium Asterisk — versions 1.8.0, 1.8.1, 1.8.1.1
- Digium Certified_asterisk — versions 1.8.28, 11.6, 11.6.0
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 1034931 (vdb-entry, x_refsource_SECTRACK)
- DSA-3700 (vendor-advisory, x_refsource_DEBIAN)
Frequently asked questions
- What is CVE-2016-2232?
- CVE-2016-2232 is a medium-severity vulnerability in Digium Asterisk. CVSS score: 6.5/10. Published 2016-02-22.
- How severe is CVE-2016-2232?
- Medium severity. CVSS v3 base score is 6.5 out of 10.