Sangoma Asterisk
28 CVEs affecting Sangoma Asterisk. Latest disclosed: 2026-02-06. Critical: 2, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-57520 | Critical | 9.8 | 2025-02-05 | Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is dispu… |
CVE-2022-21723 | Critical | 9.1 | 2022-01-27 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN… |
CVE-2022-23608 | High | 8.1 | 2022-02-22 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN… |
CVE-2025-1131 | High | 7.8 | 2025-09-23 | A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this scr… |
CVE-2025-47780 | High | 7.8 | 2025-05-22 | Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-… |
CVE-2025-47779 | High | 7.7 | 2025-05-22 | Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-… |
CVE-2025-57767 | High | 7.5 | 2025-08-28 | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an… |
CVE-2022-37325 | High | 7.5 | 2022-12-05 | In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a ma… |
CVE-2009-3723 | High | 7.5 | 2019-10-29 | asterisk allows calls on prohibited networks |
CVE-2017-9358 | High | 7.5 | 2017-06-02 | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, wh… |
CVE-2021-37706 | High | 7.3 | 2021-12-22 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN… |
CVE-2025-54995 | Medium | 6.5 | 2025-08-28 | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can l… |
CVE-2025-49832 | Medium | 6.5 | 2025-08-01 | Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21… |
CVE-2022-42705 | Medium | 6.5 | 2022-12-05 | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Aste… |
CVE-2020-28242 | Medium | 6.5 | 2020-11-06 | An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk bef… |
CVE-2018-12228 | Medium | 6.5 | 2018-06-12 | An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a spec… |
CVE-2024-35190 | Medium | 5.8 | 2024-05-17 | Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpo… |
CVE-2024-42491 | Medium | 5.7 | 2024-09-05 | Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of… |
CVE-2024-53566 | Medium | 5.5 | 2024-12-02 | An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. |
CVE-2020-28327 | Medium | 5.3 | 2020-11-06 | A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Cert… |