Refine your search
64 vulnerabilities found for Asterisk by Asterisk
CERTFR-2025-AVI-0739
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | asterisk versions 20.15.x antérieures à 20.15.2 | ||
| Asterisk | Asterisk | asterisk versions 22.5.x antérieures à 22.5.2 | ||
| Asterisk | Asterisk | asterisk versions 18.26.x antérieures à 18.26.4 | ||
| Asterisk | Asterisk | asterisk versions 21.10.x antérieures à 21.10.2 | ||
| Asterisk | Asterisk | asterisk versions 18.9-cert1x antérieures à 18.9-cert17 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "asterisk versions 20.15.x ant\u00e9rieures \u00e0 20.15.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 22.5.x ant\u00e9rieures \u00e0 22.5.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 18.26.x ant\u00e9rieures \u00e0 18.26.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 21.10.x ant\u00e9rieures \u00e0 21.10.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 18.9-cert1x ant\u00e9rieures \u00e0 18.9-cert17",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-57767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57767"
},
{
"name": "CVE-2025-54995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54995"
}
],
"initial_release_date": "2025-08-29T00:00:00",
"last_revision_date": "2025-08-29T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0739",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-64qc-9x89-rx5j",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-557q-795j-wfx2",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"
}
]
}
CERTFR-2025-AVI-0645
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | asterisk versions 20.15.x antérieures à 20.15.1 | ||
| Asterisk | Asterisk | asterisk versions antérieures à 20.7-cert7 | ||
| Asterisk | Asterisk | asterisk versions 18.26.x antérieures à 18.26.3 | ||
| Asterisk | Asterisk | asterisk versions 21.10.x antérieures à 21.10.1 | ||
| Asterisk | Asterisk | asterisk versions 22.5.x antérieures à 22.5.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "asterisk versions 20.15.x ant\u00e9rieures \u00e0 20.15.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions ant\u00e9rieures \u00e0 20.7-cert7",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 18.26.x ant\u00e9rieures \u00e0 18.26.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 21.10.x ant\u00e9rieures \u00e0 21.10.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 22.5.x ant\u00e9rieures \u00e0 22.5.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-49832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49832"
},
{
"name": "CVE-2025-1131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1131"
}
],
"initial_release_date": "2025-08-01T00:00:00",
"last_revision_date": "2025-08-01T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0645",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-v9q8-9j8m-5xwp",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp"
},
{
"published_at": "2025-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-mrq5-74j5-f5cr",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr"
}
]
}
CERTFR-2025-AVI-0446
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | asterisk versions 18.26.x antérieures à 18.26.2 | ||
| Asterisk | Asterisk | asterisk versions 21.9.x antérieures à 21.9.1 | ||
| Asterisk | Asterisk | asterisk versions 20.7-certx antérieures à 20.7-cert5 | ||
| Asterisk | Asterisk | asterisk versions 20.14.x antérieures à 20.14.1 | ||
| Asterisk | Asterisk | asterisk versions 22.4.x antérieures à 22.4.1 | ||
| Asterisk | Asterisk | asterisk versions 18.9-certx antérieures à 18.9-cert14 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "asterisk versions 18.26.x ant\u00e9rieures \u00e0 18.26.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 21.9.x ant\u00e9rieures \u00e0 21.9.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 20.7-certx ant\u00e9rieures \u00e0 20.7-cert5",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 20.14.x ant\u00e9rieures \u00e0 20.14.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 22.4.x ant\u00e9rieures \u00e0 22.4.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 18.9-certx ant\u00e9rieures \u00e0 18.9-cert14",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-47780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47780"
},
{
"name": "CVE-2025-47779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47779"
}
],
"initial_release_date": "2025-05-23T00:00:00",
"last_revision_date": "2025-05-23T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0446",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles permettent \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": "2025-05-22",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-c7p6-7mvq-8jq2",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"
},
{
"published_at": "2025-05-22",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-2grh-7mhv-fcfw",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"
}
]
}
CERTFR-2025-AVI-0020
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | asterisk versions 22.1.x antérieures à 22.1.1 | ||
| Asterisk | Certified Asterisk | certified-asterisk versions antérieures à 18.9-cert13 | ||
| Asterisk | Asterisk | asterisk versions 21.6.x antérieures à 21.6.1 | ||
| Asterisk | Certified Asterisk | certified-asterisk versions 20.7.x antérieures à 20.7-cert4 | ||
| Asterisk | Asterisk | asterisk versions 20.11.x antérieures à 20.11.1 | ||
| Asterisk | Asterisk | asterisk versions antérieures à 18.26.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "asterisk versions 22.1.x ant\u00e9rieures \u00e0 22.1.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "certified-asterisk versions ant\u00e9rieures \u00e0 18.9-cert13",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 21.6.x ant\u00e9rieures \u00e0 21.6.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "certified-asterisk versions 20.7.x ant\u00e9rieures \u00e0 20.7-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 20.11.x ant\u00e9rieures \u00e0 20.11.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions ant\u00e9rieures \u00e0 18.26.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-53566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53566"
}
],
"initial_release_date": "2025-01-10T00:00:00",
"last_revision_date": "2025-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0020",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": "2025-01-09",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-33x6-fj46-6rfh",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh"
}
]
}
CERTFR-2024-AVI-0745
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Asterisk. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk versions 20.x et antérieures à 20.9.3 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 18.x et antérieures à 18.9-cert12 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 20.x et antérieures à 20.7-cert3 | ||
| Asterisk | Asterisk | Asterisk versions 18.x et antérieures à 18.24.3 | ||
| Asterisk | Asterisk | Asterisk versions 21.x et antérieures à 21.4.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk versions 20.x et ant\u00e9rieures \u00e0 20.9.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 18.x et ant\u00e9rieures \u00e0 18.9-cert12",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 20.x et ant\u00e9rieures \u00e0 20.7-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions 18.x et ant\u00e9rieures \u00e0 18.24.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions 21.x et ant\u00e9rieures \u00e0 21.4.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42491"
}
],
"initial_release_date": "2024-09-06T00:00:00",
"last_revision_date": "2024-09-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0745",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Asterisk. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Asterisk",
"vendor_advisories": [
{
"published_at": "2024-09-05",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-v428-g3cw-7hv9",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9"
}
]
}
CERTFR-2024-AVI-0424
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk versions 21.3.x ant\u00e9rieures \u00e0 21.3.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions 18.23.x ant\u00e9rieures \u00e0 18.23.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions 20.8.x ant\u00e9rieures \u00e0 20.8.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-35190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35190"
}
],
"initial_release_date": "2024-05-21T00:00:00",
"last_revision_date": "2024-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0424",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": "2024-05-17",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-qqxj-v78h-hrf9",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"
}
]
}
CERTFR-2023-AVI-1040
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Asterisk. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 20.x.x antérieures à 20.5.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 21.0.x antérieures à 21.0.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 18.9-cert5 et antérieures | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 18.20.1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 20.x.x ant\u00e9rieures \u00e0 20.5.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 21.0.x ant\u00e9rieures \u00e0 21.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 18.9-cert5 et ant\u00e9rieures",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 18.20.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-37457",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37457"
},
{
"name": "CVE-2023-49294",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49294"
},
{
"name": "CVE-2023-49786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49786"
}
],
"initial_release_date": "2023-12-18T00:00:00",
"last_revision_date": "2023-12-18T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1040",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Asterisk\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-98rc-4j27-74hh du 14 d\u00e9cembre 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-5743-x3p5-3rg7 du 14 d\u00e9cembre 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-8857-hfmw-vg8f du 14 d\u00e9cembre 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-hxj9-xwr8-w8pq du 14 d\u00e9cembre 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
}
]
}
CERTFR-2023-AVI-0521
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk open source versions 16.x antérieures à 16.30.1 | ||
| Asterisk | Asterisk | Asterisk open source versions 19.x antérieures à 19.8.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 18.9.x antérieures à Certified-18.9-cert5 | ||
| Asterisk | Asterisk | Asterisk open source versions 18.x antérieures à 18.18.1 | ||
| Asterisk | Asterisk | Asterisk open source versions 20.x antérieures à 20.3.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk open source versions 16.x ant\u00e9rieures \u00e0 16.30.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk open source versions 19.x ant\u00e9rieures \u00e0 19.8.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 18.9.x ant\u00e9rieures \u00e0 Certified-18.9-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk open source versions 18.x ant\u00e9rieures \u00e0 18.18.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk open source versions 20.x ant\u00e9rieures \u00e0 20.3.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23537",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23537"
}
],
"initial_release_date": "2023-07-10T00:00:00",
"last_revision_date": "2023-07-10T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0521",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans\u003cspan class=\"textit\"\u003e\nAsterisk\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-4xjp-22g4-9fxm du 07 juillet 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm"
}
]
}
CERTFR-2022-AVI-1071
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 18.9.x antérieures à Certified-18.9-cert3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 20.x antérieures à 20.0.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.29.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 19.x antérieures à 19.7.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.15.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 18.9.x ant\u00e9rieures \u00e0 Certified-18.9-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 20.x ant\u00e9rieures \u00e0 20.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.29.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 19.x ant\u00e9rieures \u00e0 19.7.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.15.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-42706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42706"
},
{
"name": "CVE-2022-37325",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37325"
},
{
"name": "CVE-2022-42705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42705"
}
],
"initial_release_date": "2022-12-02T00:00:00",
"last_revision_date": "2022-12-02T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1071",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nAsterisk. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-007 du 30 novembre 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-008 du 30 novembre 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-008.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-009 du 30 novembre 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-009.html"
}
]
}
CERTFR-2022-AVI-348
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk versions 18.x antérieures à 18.11.2 | ||
| Asterisk | Asterisk | Asterisk versions 19.x antérieures à 19.3.2 | ||
| Asterisk | Asterisk | Asterisk versions 16.15.0 et ultérieures mais antérieures à 16.25.2 | ||
| Asterisk | Asterisk | Asterisk versions certifiées antérieures à 16.8-cert14 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk versions 18.x ant\u00e9rieures \u00e0 18.11.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions 19.x ant\u00e9rieures \u00e0 19.3.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions 16.15.0 et ult\u00e9rieures mais ant\u00e9rieures \u00e0 16.25.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions certifi\u00e9es ant\u00e9rieures \u00e0 16.8-cert14",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26498"
},
{
"name": "CVE-2022-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26651"
},
{
"name": "CVE-2022-26499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26499"
}
],
"initial_release_date": "2022-04-15T00:00:00",
"last_revision_date": "2022-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-348",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-001 du 14 avril 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-002 du 14 avril 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-003 du 14 avril 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
}
]
}
CERTFR-2021-AVI-569
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.5.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.19.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.38.3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.9.4 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 16.x antérieures à 16.8-cert10 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.5.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.19.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.38.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.9.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 16.x ant\u00e9rieures \u00e0 16.8-cert10",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-32558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32558"
},
{
"name": "CVE-2021-31878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31878"
},
{
"name": "CVE-2021-32686",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32686"
}
],
"initial_release_date": "2021-07-23T00:00:00",
"last_revision_date": "2021-07-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-569",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nAsterisk. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-007 du 6 avril 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-009 du 5 mai 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-009.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-008 du 13 avril 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
}
]
}
CERTFR-2021-AVI-170
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.2.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.9.3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.16.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 16.x antérieures à 16.8-cert7 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.2.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.9.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.16.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 16.x ant\u00e9rieures \u00e0 16.8-cert7",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-15297",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15297"
}
],
"initial_release_date": "2021-03-05T00:00:00",
"last_revision_date": "2021-03-05T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-170",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk du 04 mars 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
}
]
}
CERTFR-2021-AVI-136
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 16.x antérieures à 16.8-cert6 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.2.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.9.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.38.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.16.1 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 16.x ant\u00e9rieures \u00e0 16.8-cert6",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.2.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.9.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.38.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.16.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26712"
},
{
"name": "CVE-2021-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26714"
},
{
"name": "CVE-2021-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26717"
},
{
"name": "CVE-2020-35776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35776"
},
{
"name": "CVE-2021-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26906"
}
],
"initial_release_date": "2021-02-19T00:00:00",
"last_revision_date": "2021-02-19T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-136",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-003 du 18 f\u00e9vrier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-004 du 11 f\u00e9vrier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-002 du 05 f\u00e9vrier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-005 du 08 f\u00e9vrier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-001 du 04 janvier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
}
]
}
CERTFR-2020-AVI-842
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.9.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.1.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.15.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.38.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.9.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.1.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.15.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.38.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2020-12-23T00:00:00",
"last_revision_date": "2020-12-23T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-842",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-12-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2020-003 du 22 d\u00e9cembre 2020",
"url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2020-004 du 22 d\u00e9cembre 2020",
"url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
}
]
}
CERTFR-2020-AVI-720
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 16.8 antérieures à 16.8-cert5 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.8.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.14.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.0.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.37.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 16.8 ant\u00e9rieures \u00e0 16.8-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.8.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.14.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.37.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28327"
}
],
"initial_release_date": "2020-11-09T00:00:00",
"last_revision_date": "2020-11-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-720",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-11-09T00:00:00.000000"
},
{
"description": "Correction faute d\u0027orthographe",
"revision_date": "2020-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2020-001 du 05 novembre 2020",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2020-002 du 05 novembre 2020",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html"
}
]
}
CERTFR-2019-AVI-587
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 13.29.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 16.6.2 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 13.21-cert5 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 17.0.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 13.29.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 16.6.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 13.21-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 17.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-18976",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18976"
},
{
"name": "CVE-2019-18790",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18790"
},
{
"name": "CVE-2019-18610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18610"
}
],
"initial_release_date": "2019-11-22T00:00:00",
"last_revision_date": "2019-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-587",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-007 du 21 novembre 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-006 du 21 novembre 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-008 du 21 novembre 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
}
]
}
CERTFR-2019-AVI-329
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 13.21-cert4 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.4.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 15.x antérieures à 15.7.3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 13.27.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 13.21-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.4.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.7.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 13.27.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-13161",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13161"
},
{
"name": "CVE-2019-12827",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12827"
}
],
"initial_release_date": "2019-07-12T00:00:00",
"last_revision_date": "2019-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-329",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-002 du 11 juillet 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-003 du 11 juillet 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-003.html"
}
]
}
CERTFR-2019-AVI-085
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.2.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.7.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-7251",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7251"
}
],
"initial_release_date": "2019-03-01T00:00:00",
"last_revision_date": "2019-03-01T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-085",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-001 du 28 f\u00e9vrier 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-001.html"
}
]
}
CERTFR-2018-AVI-556
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk . Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.6.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-19278",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19278"
}
],
"initial_release_date": "2018-11-15T00:00:00",
"last_revision_date": "2018-11-15T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-556",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-11-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk . Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2018-010 du 14 novembre 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-010.html"
}
]
}
CERTFR-2018-AVI-452
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source 15.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk 13.21 toutes versions",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 13.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 14.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-17281",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17281"
}
],
"initial_release_date": "2018-09-24T00:00:00",
"last_revision_date": "2018-09-24T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-452",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2018-009 du 20 septembre 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
}
]
}
CERTFR-2018-AVI-276
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk . Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 14.x antérieures à 14.7.7 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 15.x antérieures à 15.4.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk version 13.21 antérieure à 13.21-cert2 | ||
| Asterisk | Certified Asterisk | Certified Asterisk version 13.18 antérieure à 13.18-cert4 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.21.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.7.7",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.4.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk version 13.21 ant\u00e9rieure \u00e0 13.21-cert2",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk version 13.18 ant\u00e9rieure \u00e0 13.18-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.21.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2018-06-12T00:00:00",
"last_revision_date": "2018-06-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-276",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk du 11 juin 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
}
]
}
CERTFR-2017-AVI-483
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk . Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk 13.18 toutes versions",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 15.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 13.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 14.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-17850",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17850"
}
],
"initial_release_date": "2017-12-26T00:00:00",
"last_revision_date": "2017-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-483",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk . Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-014 du 22 d\u00e9cembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
}
]
}
CERTFR-2017-AVI-473
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk . Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 15.x antérieures à 15.1.4 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 14.x antérieures à 14.7.4 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.13 antérieures à 13.13-cert9 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.18.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.1.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.7.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.13 ant\u00e9rieures \u00e0 13.13-cert9",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.18.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2017-12-14T00:00:00",
"last_revision_date": "2017-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-473",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk . Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-012 du 13 d\u00e9cembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-012.html"
}
]
}
CERTFR-2017-AVI-401
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk . Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.18.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 15.x antérieures à 15.1.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 14.x antérieures à 14.7.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.13 antérieures à 13.13-cert7 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.18.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.1.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.7.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.13 ant\u00e9rieures \u00e0 13.13-cert7",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2017-11-09T00:00:00",
"last_revision_date": "2017-11-09T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-401",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-09T00:00:00.000000"
},
{
"description": "Version initiale",
"revision_date": "2017-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk . Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-010 du 8 novembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-010.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-009 du 8 novembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-009.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-011 du 8 novembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-011.html"
}
]
}
CERTFR-2017-AVI-313
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Asterisk. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 11.6 antérieures à 11.6-cert18 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.13 antérieures à 13.13-cert6 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 11.x antérieures à 11.25.3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 14.x antérieures à 14.6.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.17.2 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 11.6 ant\u00e9rieures \u00e0 11.6-cert18",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.13 ant\u00e9rieures \u00e0 13.13-cert6",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 11.x ant\u00e9rieures \u00e0 11.25.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.6.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.17.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-14099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14099"
}
],
"initial_release_date": "2017-09-20T00:00:00",
"last_revision_date": "2017-09-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-008 du 19 septembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
}
],
"reference": "CERTFR-2017-AVI-313",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-008 du 19 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-281
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 11.6-cert17 et 13.13-cert5 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 11.25.2, 13.17.1 et 14.6.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert17 et 13.13-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 11.25.2, 13.17.1 et 14.6.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-14099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14099"
},
{
"name": "CVE-2017-14100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14100"
},
{
"name": "CVE-2017-14098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14098"
}
],
"initial_release_date": "2017-09-01T00:00:00",
"last_revision_date": "2017-09-01T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-281",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-006 du 31 ao\u00fbt 2017",
"url": "https://downloads.asterisk.org/pub/security/AST-2017-006.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-007 du 31 ao\u00fbt 2017",
"url": "https://downloads.asterisk.org/pub/security/AST-2017-007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-005 du 31 ao\u00fbt 2017",
"url": "https://downloads.asterisk.org/pub/security/AST-2017-005.html"
}
]
}
CERTFR-2017-AVI-102
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Asterisk. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.14.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.3.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.13 ant\u00e9rieures \u00e0 13.13-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2017-04-05T00:00:00",
"last_revision_date": "2017-04-05T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-102",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-04-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-001 du 04 avril 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
}
]
}
CERTFR-2016-AVI-403
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.8 antérieures à 13.8-cert4 | ||
| Asterisk | Asterisk | Asterisk Open Source toutes les versions 13.x antérieures à 13.13.1 | ||
| Asterisk | Asterisk | Asterisk Open Source toutes les versions 11.x antérieures à 11.25.1 | ||
| Asterisk | Asterisk | Asterisk Open Source toutes les versions 14.x antérieures à 14.2.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 13.8 ant\u00e9rieures \u00e0 13.8-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source toutes les versions 13.x ant\u00e9rieures \u00e0 13.13.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source toutes les versions 11.x ant\u00e9rieures \u00e0 11.25.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source toutes les versions 14.x ant\u00e9rieures \u00e0 14.2.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-12-09T00:00:00",
"last_revision_date": "2016-12-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-008 du 08 d\u00e9cembre 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk ASTERISK-2016-009du 08 d\u00e9cembre 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
}
],
"reference": "CERTFR-2016-AVI-403",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-009 du 08 d\u00e9cembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-008 du 08 d\u00e9cembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-302
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source antérieures à 11.23.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.8 antérieures à 13.8-cert3 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 11.6-cert15 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.X antérieures à 13.11.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source ant\u00e9rieures \u00e0 11.23.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.8 ant\u00e9rieures \u00e0 13.8-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert15",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.X ant\u00e9rieures \u00e0 13.11.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-09-09T00:00:00",
"last_revision_date": "2016-09-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-007 du 08 septembre 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-006 du 08 septembre 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
}
],
"reference": "CERTFR-2016-AVI-302",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-007 du 08 septembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-006 du 08 septembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-046
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 1.8.x | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.7.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk version 1.8.28 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 12.x | ||
| Asterisk | Asterisk | Asterisk Open Source versions 11.x antérieures à 11.21.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.1 antérieures à 13.1-cert3 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 11.6 antérieures à 11.6-cert12 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 1.8.x",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.7.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk version 1.8.28",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 12.x",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 11.x ant\u00e9rieures \u00e0 11.21.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.1 ant\u00e9rieures \u00e0 13.1-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 11.6 ant\u00e9rieures \u00e0 11.6-cert12",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-02-04T00:00:00",
"last_revision_date": "2016-02-04T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-002 du 03 f\u00e9vrier 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-003 du 03 f\u00e9vrier 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-001 du 03 f\u00e9vrier 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
}
],
"reference": "CERTFR-2016-AVI-046",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-003 du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-002 du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-001 du 03 f\u00e9vrier 2016",
"url": null
}
]
}