Sangoma Asterisk

28 CVEs affecting Sangoma Asterisk. Latest disclosed: 2026-02-06. Critical: 2, High: 9.

Top CVEs affecting Sangoma Asterisk
CVESeverityScorePublishedSummary
CVE-2024-57520Critical9.82025-02-05Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is dispu…
CVE-2022-21723Critical9.12022-01-27PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN…
CVE-2022-23608High8.12022-02-22PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN…
CVE-2025-1131High7.82025-09-23A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this scr…
CVE-2025-47780High7.82025-05-22Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-…
CVE-2025-47779High7.72025-05-22Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-…
CVE-2025-57767High7.52025-08-28Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an…
CVE-2022-37325High7.52022-12-05In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a ma…
CVE-2009-3723High7.52019-10-29asterisk allows calls on prohibited networks
CVE-2017-9358High7.52017-06-02A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, wh…
CVE-2021-37706High7.32021-12-22PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN…
CVE-2025-54995Medium6.52025-08-28Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can l…
CVE-2025-49832Medium6.52025-08-01Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21…
CVE-2022-42705Medium6.52022-12-05A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Aste…
CVE-2020-28242Medium6.52020-11-06An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk bef…
CVE-2018-12228Medium6.52018-06-12An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a spec…
CVE-2024-35190Medium5.82024-05-17Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpo…
CVE-2024-42491Medium5.72024-09-05Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of…
CVE-2024-53566Medium5.52024-12-02An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.
CVE-2020-28327Medium5.32020-11-06A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Cert…