
Asterisk — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting Asterisk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Asterisk is an open-source communication platform for VoIP, PBX, and unified communications deployments. The advisories indexed below span several classes: denial of service triggered by malformed SIP headers and URIs or by DTLS hello packets during call setup, memory corruption with possible remote code execution, local privilege escalation through configuration and script files sourced by helpers that run as root, XML external entity (XXE) injection, reflected cross-site scripting in the embedded web server, path traversal, and identity and authorization weaknesses such as forged From-header identities, over-broad endpoint-identifier matching, and manager or CLI permissions that grant more than intended. The flaws cluster in the SIP (PJSIP) channel stack, the embedded HTTP server, the manager (AMI) and CLI permission models, and the shell helpers shipped with the package. No single entry dominates, but the spread across 17 CVEs points to recurring trouble with untrusted input handling and access control. Asterisk's modular architecture adds attack surface with every loaded module, so deployments should load only the modules they need, bind and restrict the manager and HTTP interfaces, run helper scripts without unnecessary root privileges, and track upstream security releases.

Top products by Asterisk: asterisk
All entries affect the product asterisk. CVSS values marked (AI) are the site's AI-estimated scores for entries that carry no published score.

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-23741 | ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk, potentially leading to privilege escalation | CWE-427 | - | - | 2026-02-06
CVE-2026-23740 | Asterisk vulnerable to potential privilege escalation | CWE-427 | - | - | 2026-02-06
CVE-2026-23739 | Asterisk xml.c uses unsafe XML_PARSE_NOENT, leading to potential XXE injection | CWE-611 | 2.0 | Low | 2026-02-06
CVE-2026-23738 | The Asterisk embedded web server's /httpstatus page echoes user-supplied values (cookie and query string) without sanitization | CWE-79 | 3.5 | Low | 2026-02-06
CVE-2025-1131 | Asterisk unsafe shell sourcing in safe_asterisk leads to local privilege escalation | CWE-427 | 7.8 (AI) | High (AI) | 2025-09-23
CVE-2025-57767 | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request | CWE-253 | 7.5 | High | 2025-08-28
CVE-2025-54995 | Asterisk remotely exploitable leak of RTP UDP ports and internal resources | CWE-1286 | 6.5 | Medium | 2025-08-28
CVE-2025-49832 | Asterisk is vulnerable to remote DoS and possible RCE attacks during memory allocation | CWE-476 | 6.5 | Medium | 2025-08-01
CVE-2025-47780 | cli_permissions.conf: deny option does not work for disallowing shell commands | CWE-78 | 8.8 (AI) | High (AI) | 2025-05-22
CVE-2025-47779 | Using a malformed From header can forge identity with ";" or NUL in the name portion | CWE-140 | 7.7 | High | 2025-05-22
CVE-2024-42491 | A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used | CWE-252 | 5.7 | Medium | 2024-09-05
CVE-2024-42365 | Asterisk allows `Write=originate` as sufficient permission for code execution via the `System()` dialplan application | CWE-267 | 7.4 | High | 2024-08-08
CVE-2024-35190 | Asterisk's res_pjsip_endpoint_identifier_ip wrongly matches ALL unauthorized SIP requests | CWE-303 | 5.8 | Medium | 2024-05-17
CVE-2023-49786 | Asterisk susceptible to denial of service via DTLS Hello packets during call initiation | CWE-703 | 7.5 | High | 2023-12-14
CVE-2023-37457 | Asterisk's PJSIP_HEADER dialplan function can overwrite memory or cause a crash when using 'update' | CWE-120 | 7.5 | High | 2023-12-14
CVE-2023-49294 | Asterisk path traversal vulnerability | CWE-22 | 4.9 | Medium | 2023-12-14
CVE-2009-3723 | Digium Asterisk security vulnerability | - | - | - | 2019-10-29
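CVE-2025-47779 in the table above is classed as CWE-140 (improper neutralization of delimiters): a ";" or NUL placed inside the display-name portion of a SIP From header can lead a parser to attribute the call to an identity other than the one in the real <addr-spec>. The following is an added illustration of that failure class and of the check that prevents it; it is not Asterisk's code and does not claim to reproduce the exact logic that was fixed. The two parsers and the three header strings are constructed for the example.

```python
"""Delimiter handling in a SIP From header: a naive parser beside a strict one.

Added example, not Asterisk code. naive_parse() models the CWE-140 failure
mode (split on delimiters before the quoted display-name is isolated, and
treat NUL as end of string the way a C string would). strict_parse() models
the grammar-first approach: reject control characters, consume the quoted
display-name as one unit, then read the URI, then split parameters.
"""
import re

# Constructed test headers (not captured traffic).
BENIGN = '"Bob" <sip:bob@example.com>;tag=abc123'
SEMICOLON_IN_NAME = '"Bob <sip:bob@example.com>;tag=x" <sip:attacker@evil.example>;tag=1'
NUL_IN_NAME = '"Bob\x00" <sip:attacker@evil.example>;tag=2'

# name-addr per RFC 3261: [display-name] "<" addr-spec ">" *(";" param).
# display-name is a quoted-string or a run of token characters and whitespace.
_NAME_ADDR = re.compile(
    r"^\s*(?:\"((?:[^\"\\]|\\.)*)\"|([A-Za-z0-9\-.!%*_+`'~ \t]*))"
    r"\s*<([^<>\s]+)>\s*(;.*)?$"
)


def naive_parse(header: str) -> dict:
    """Delimiter-first parsing: NUL ends the string and the first ';' is
    assumed to start the header parameters, before the display-name has been
    isolated. Anything after a ';' inside the quoted name is discarded."""
    header = header.split("\x00", 1)[0]          # C-string truncation
    core, _, params = header.partition(";")      # first ';' wins, quoted or not
    m = re.search(r"<([^>]*)>", core)
    if m:
        uri = m.group(1)
        name = core[: m.start()].strip().strip('"')
    else:
        uri, name = core.strip(), ""
    return {"display_name": name, "uri": uri, "params": params}


def strict_parse(header: str) -> dict:
    """Grammar-first parsing. Raises ValueError on control characters or on a
    header that does not match name-addr / addr-spec."""
    if any(c < " " and c != "\t" for c in header) or "\x7f" in header:
        raise ValueError("control character in From header")
    m = _NAME_ADDR.match(header)
    if m:
        quoted, token, uri, params = m.groups()
        # quoted-pair unescaping only applies to the quoted-string form
        name = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token.strip()
    elif "<" not in header:
        # addr-spec form without display-name, e.g. "sip:bob@example.com;tag=1"
        uri, _, rest = header.strip().partition(";")
        params = ";" + rest if rest else None
        name = ""
    else:
        raise ValueError("malformed name-addr")
    param_dict = {}
    for p in (params or "").split(";")[1:]:
        k, _, v = p.partition("=")
        param_dict[k] = v
    return {"display_name": name, "uri": uri, "params": param_dict}


def audit(header: str) -> str:
    """'ok' when both parsers agree on the URI, 'rejected' when the strict
    parser refuses the header, 'forged' when the naive parser reports a
    different URI than the strict one."""
    try:
        strict = strict_parse(header)
    except ValueError:
        return "rejected"
    return "ok" if naive_parse(header)["uri"] == strict["uri"] else "forged"


if __name__ == "__main__":
    for label, hdr in [("benign", BENIGN), ("semicolon", SEMICOLON_IN_NAME), ("nul", NUL_IN_NAME)]:
        print(f"{label:10s} naive={naive_parse(hdr)['uri']!r:32s} verdict={audit(hdr)}")
```

With the semicolon header the naive parser reports sip:bob@example.com while the real addr-spec is sip:attacker@evil.example, which is the identity-forgery outcome the advisory describes; with the NUL header the naive parser returns a truncated fragment as the URI, while the strict parser rejects the message outright because NUL is not a legal SIP header character. The practical check for any component that consumes From (CDR, caller-ID display, authorization by identity) is the same: parse the quoted-string before looking for delimiters, and refuse control characters rather than silently truncating at them.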

This page lists every published CVE security advisory associated with Asterisk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.