Refine your search
36 vulnerabilities found for Certified Asterisk by Asterisk
CERTFR-2025-AVI-0020
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | asterisk versions 22.1.x antérieures à 22.1.1 | ||
| Asterisk | Certified Asterisk | certified-asterisk versions antérieures à 18.9-cert13 | ||
| Asterisk | Asterisk | asterisk versions 21.6.x antérieures à 21.6.1 | ||
| Asterisk | Certified Asterisk | certified-asterisk versions 20.7.x antérieures à 20.7-cert4 | ||
| Asterisk | Asterisk | asterisk versions 20.11.x antérieures à 20.11.1 | ||
| Asterisk | Asterisk | asterisk versions antérieures à 18.26.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "asterisk versions 22.1.x ant\u00e9rieures \u00e0 22.1.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "certified-asterisk versions ant\u00e9rieures \u00e0 18.9-cert13",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 21.6.x ant\u00e9rieures \u00e0 21.6.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "certified-asterisk versions 20.7.x ant\u00e9rieures \u00e0 20.7-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions 20.11.x ant\u00e9rieures \u00e0 20.11.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "asterisk versions ant\u00e9rieures \u00e0 18.26.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-53566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53566"
}
],
"initial_release_date": "2025-01-10T00:00:00",
"last_revision_date": "2025-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0020",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": "2025-01-09",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-33x6-fj46-6rfh",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh"
}
]
}
CERTFR-2024-AVI-0745
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Asterisk. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk versions 20.x et antérieures à 20.9.3 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 18.x et antérieures à 18.9-cert12 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 20.x et antérieures à 20.7-cert3 | ||
| Asterisk | Asterisk | Asterisk versions 18.x et antérieures à 18.24.3 | ||
| Asterisk | Asterisk | Asterisk versions 21.x et antérieures à 21.4.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk versions 20.x et ant\u00e9rieures \u00e0 20.9.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 18.x et ant\u00e9rieures \u00e0 18.9-cert12",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 20.x et ant\u00e9rieures \u00e0 20.7-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions 18.x et ant\u00e9rieures \u00e0 18.24.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk versions 21.x et ant\u00e9rieures \u00e0 21.4.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42491"
}
],
"initial_release_date": "2024-09-06T00:00:00",
"last_revision_date": "2024-09-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0745",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Asterisk. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Asterisk",
"vendor_advisories": [
{
"published_at": "2024-09-05",
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-v428-g3cw-7hv9",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9"
}
]
}
CERTFR-2023-AVI-1040
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Asterisk. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 20.x.x antérieures à 20.5.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 21.0.x antérieures à 21.0.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 18.9-cert5 et antérieures | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 18.20.1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 20.x.x ant\u00e9rieures \u00e0 20.5.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 21.0.x ant\u00e9rieures \u00e0 21.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 18.9-cert5 et ant\u00e9rieures",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 18.20.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-37457",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37457"
},
{
"name": "CVE-2023-49294",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49294"
},
{
"name": "CVE-2023-49786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49786"
}
],
"initial_release_date": "2023-12-18T00:00:00",
"last_revision_date": "2023-12-18T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1040",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Asterisk\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-98rc-4j27-74hh du 14 d\u00e9cembre 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-5743-x3p5-3rg7 du 14 d\u00e9cembre 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-8857-hfmw-vg8f du 14 d\u00e9cembre 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-hxj9-xwr8-w8pq du 14 d\u00e9cembre 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
}
]
}
CERTFR-2023-AVI-0521
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk open source versions 16.x antérieures à 16.30.1 | ||
| Asterisk | Asterisk | Asterisk open source versions 19.x antérieures à 19.8.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 18.9.x antérieures à Certified-18.9-cert5 | ||
| Asterisk | Asterisk | Asterisk open source versions 18.x antérieures à 18.18.1 | ||
| Asterisk | Asterisk | Asterisk open source versions 20.x antérieures à 20.3.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk open source versions 16.x ant\u00e9rieures \u00e0 16.30.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk open source versions 19.x ant\u00e9rieures \u00e0 19.8.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 18.9.x ant\u00e9rieures \u00e0 Certified-18.9-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk open source versions 18.x ant\u00e9rieures \u00e0 18.18.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk open source versions 20.x ant\u00e9rieures \u00e0 20.3.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23537",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23537"
}
],
"initial_release_date": "2023-07-10T00:00:00",
"last_revision_date": "2023-07-10T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0521",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans\u003cspan class=\"textit\"\u003e\nAsterisk\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk GHSA-4xjp-22g4-9fxm du 07 juillet 2023",
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm"
}
]
}
CERTFR-2022-AVI-1071
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 18.9.x antérieures à Certified-18.9-cert3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 20.x antérieures à 20.0.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.29.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 19.x antérieures à 19.7.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.15.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 18.9.x ant\u00e9rieures \u00e0 Certified-18.9-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 20.x ant\u00e9rieures \u00e0 20.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.29.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 19.x ant\u00e9rieures \u00e0 19.7.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.15.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-42706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42706"
},
{
"name": "CVE-2022-37325",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37325"
},
{
"name": "CVE-2022-42705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42705"
}
],
"initial_release_date": "2022-12-02T00:00:00",
"last_revision_date": "2022-12-02T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1071",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nAsterisk. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-007 du 30 novembre 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-008 du 30 novembre 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-008.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2022-009 du 30 novembre 2022",
"url": "https://downloads.asterisk.org/pub/security/AST-2022-009.html"
}
]
}
CERTFR-2021-AVI-569
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.5.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.19.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.38.3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.9.4 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 16.x antérieures à 16.8-cert10 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.5.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.19.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.38.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.9.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 16.x ant\u00e9rieures \u00e0 16.8-cert10",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-32558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32558"
},
{
"name": "CVE-2021-31878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31878"
},
{
"name": "CVE-2021-32686",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32686"
}
],
"initial_release_date": "2021-07-23T00:00:00",
"last_revision_date": "2021-07-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-569",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nAsterisk. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-007 du 6 avril 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-009 du 5 mai 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-009.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-008 du 13 avril 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
}
]
}
CERTFR-2021-AVI-170
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.2.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.9.3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.16.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 16.x antérieures à 16.8-cert7 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.2.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.9.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.16.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 16.x ant\u00e9rieures \u00e0 16.8-cert7",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-15297",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15297"
}
],
"initial_release_date": "2021-03-05T00:00:00",
"last_revision_date": "2021-03-05T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-170",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk du 04 mars 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
}
]
}
CERTFR-2021-AVI-136
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 16.x antérieures à 16.8-cert6 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.2.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.9.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.38.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.16.1 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 16.x ant\u00e9rieures \u00e0 16.8-cert6",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.2.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.9.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.38.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.16.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26712"
},
{
"name": "CVE-2021-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26714"
},
{
"name": "CVE-2021-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26717"
},
{
"name": "CVE-2020-35776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35776"
},
{
"name": "CVE-2021-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26906"
}
],
"initial_release_date": "2021-02-19T00:00:00",
"last_revision_date": "2021-02-19T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-136",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-003 du 18 f\u00e9vrier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-004 du 11 f\u00e9vrier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-002 du 05 f\u00e9vrier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-005 du 08 f\u00e9vrier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2021-001 du 04 janvier 2021",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
}
]
}
CERTFR-2020-AVI-720
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 16.8 antérieures à 16.8-cert5 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 17.x antérieures à 17.8.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.14.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 18.x antérieures à 18.0.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.37.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 16.8 ant\u00e9rieures \u00e0 16.8-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 17.x ant\u00e9rieures \u00e0 17.8.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.14.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 18.x ant\u00e9rieures \u00e0 18.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.37.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28327"
}
],
"initial_release_date": "2020-11-09T00:00:00",
"last_revision_date": "2020-11-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-720",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-11-09T00:00:00.000000"
},
{
"description": "Correction faute d\u0027orthographe",
"revision_date": "2020-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2020-001 du 05 novembre 2020",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2020-002 du 05 novembre 2020",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html"
}
]
}
CERTFR-2019-AVI-587
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 13.29.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 16.6.2 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 13.21-cert5 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 17.0.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 13.29.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 16.6.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 13.21-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 17.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-18976",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18976"
},
{
"name": "CVE-2019-18790",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18790"
},
{
"name": "CVE-2019-18610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18610"
}
],
"initial_release_date": "2019-11-22T00:00:00",
"last_revision_date": "2019-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-587",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-007 du 21 novembre 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-006 du 21 novembre 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-008 du 21 novembre 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
}
]
}
CERTFR-2019-AVI-329
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 13.21-cert4 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 16.x antérieures à 16.4.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 15.x antérieures à 15.7.3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 13.27.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 13.21-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 16.x ant\u00e9rieures \u00e0 16.4.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.7.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 13.27.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-13161",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13161"
},
{
"name": "CVE-2019-12827",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12827"
}
],
"initial_release_date": "2019-07-12T00:00:00",
"last_revision_date": "2019-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-329",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-002 du 11 juillet 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2019-003 du 11 juillet 2019",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-003.html"
}
]
}
CERTFR-2018-AVI-452
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source 15.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk 13.21 toutes versions",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 13.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 14.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-17281",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17281"
}
],
"initial_release_date": "2018-09-24T00:00:00",
"last_revision_date": "2018-09-24T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-452",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2018-009 du 20 septembre 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
}
]
}
CERTFR-2018-AVI-276
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk . Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 14.x antérieures à 14.7.7 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 15.x antérieures à 15.4.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk version 13.21 antérieure à 13.21-cert2 | ||
| Asterisk | Certified Asterisk | Certified Asterisk version 13.18 antérieure à 13.18-cert4 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.21.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.7.7",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.4.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk version 13.21 ant\u00e9rieure \u00e0 13.21-cert2",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk version 13.18 ant\u00e9rieure \u00e0 13.18-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.21.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2018-06-12T00:00:00",
"last_revision_date": "2018-06-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-276",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk du 11 juin 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
}
]
}
CERTFR-2018-AVI-097
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk . Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | N/A | Asterix Open Source versions 13.x antérieures à 13.19.2 | ||
| Asterisk | N/A | Asterix Open Source versions 15.x antérieures à 15.2.2 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 13.18-cert3 | ||
| Asterisk | N/A | Asterix Open Source versions 14.x antérieures à 14.7.6 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterix Open Source versions 13.x ant\u00e9rieures \u00e0 13.19.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterix Open Source versions 15.x ant\u00e9rieures \u00e0 15.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 13.18-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterix Open Source versions 14.x ant\u00e9rieures \u00e0 14.7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7284",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7284"
},
{
"name": "CVE-2018-7286",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7286"
},
{
"name": "CVE-2018-7287",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7287"
}
],
"initial_release_date": "2018-02-22T00:00:00",
"last_revision_date": "2018-02-22T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-097",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2018-002 du 21 f\u00e9vrier 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2018-006 du 21 f\u00e9vrier 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-006.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2018-004 du 21 f\u00e9vrier 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2018-005 du 21 f\u00e9vrier 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2018-003 du 21 f\u00e9vrier 2018",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-003.html"
}
]
}
CERTFR-2017-AVI-483
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk . Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk 13.18 toutes versions",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 15.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 13.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source 14.x toutes versions",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-17850",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17850"
}
],
"initial_release_date": "2017-12-26T00:00:00",
"last_revision_date": "2017-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-483",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk . Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-014 du 22 d\u00e9cembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
}
]
}
CERTFR-2017-AVI-473
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Asterisk . Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 15.x antérieures à 15.1.4 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 14.x antérieures à 14.7.4 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.13 antérieures à 13.13-cert9 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.18.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.1.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.7.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.13 ant\u00e9rieures \u00e0 13.13-cert9",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.18.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2017-12-14T00:00:00",
"last_revision_date": "2017-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-473",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Asterisk . Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-012 du 13 d\u00e9cembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-012.html"
}
]
}
CERTFR-2017-AVI-401
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Asterisk . Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.18.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 15.x antérieures à 15.1.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 14.x antérieures à 14.7.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.13 antérieures à 13.13-cert7 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.18.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 15.x ant\u00e9rieures \u00e0 15.1.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.7.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.13 ant\u00e9rieures \u00e0 13.13-cert7",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2017-11-09T00:00:00",
"last_revision_date": "2017-11-09T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-401",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-09T00:00:00.000000"
},
{
"description": "Version initiale",
"revision_date": "2017-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Asterisk . Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-010 du 8 novembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-010.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-009 du 8 novembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-009.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-011 du 8 novembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-011.html"
}
]
}
CERTFR-2017-AVI-313
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Asterisk. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 11.6 antérieures à 11.6-cert18 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.13 antérieures à 13.13-cert6 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 11.x antérieures à 11.25.3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 14.x antérieures à 14.6.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.17.2 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 11.6 ant\u00e9rieures \u00e0 11.6-cert18",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.13 ant\u00e9rieures \u00e0 13.13-cert6",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 11.x ant\u00e9rieures \u00e0 11.25.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.6.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.17.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-14099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14099"
}
],
"initial_release_date": "2017-09-20T00:00:00",
"last_revision_date": "2017-09-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-008 du 19 septembre 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
}
],
"reference": "CERTFR-2017-AVI-313",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-008 du 19 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-281
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 11.6-cert17 et 13.13-cert5 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 11.25.2, 13.17.1 et 14.6.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert17 et 13.13-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 11.25.2, 13.17.1 et 14.6.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-14099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14099"
},
{
"name": "CVE-2017-14100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14100"
},
{
"name": "CVE-2017-14098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14098"
}
],
"initial_release_date": "2017-09-01T00:00:00",
"last_revision_date": "2017-09-01T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-281",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-006 du 31 ao\u00fbt 2017",
"url": "https://downloads.asterisk.org/pub/security/AST-2017-006.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-007 du 31 ao\u00fbt 2017",
"url": "https://downloads.asterisk.org/pub/security/AST-2017-007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-005 du 31 ao\u00fbt 2017",
"url": "https://downloads.asterisk.org/pub/security/AST-2017-005.html"
}
]
}
CERTFR-2017-AVI-102
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Asterisk. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.14.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 14.x ant\u00e9rieures \u00e0 14.3.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.13 ant\u00e9rieures \u00e0 13.13-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2017-04-05T00:00:00",
"last_revision_date": "2017-04-05T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-102",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-04-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2017-001 du 04 avril 2017",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
}
]
}
CERTFR-2016-AVI-403
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.8 antérieures à 13.8-cert4 | ||
| Asterisk | Asterisk | Asterisk Open Source toutes les versions 13.x antérieures à 13.13.1 | ||
| Asterisk | Asterisk | Asterisk Open Source toutes les versions 11.x antérieures à 11.25.1 | ||
| Asterisk | Asterisk | Asterisk Open Source toutes les versions 14.x antérieures à 14.2.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions 13.8 ant\u00e9rieures \u00e0 13.8-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source toutes les versions 13.x ant\u00e9rieures \u00e0 13.13.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source toutes les versions 11.x ant\u00e9rieures \u00e0 11.25.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source toutes les versions 14.x ant\u00e9rieures \u00e0 14.2.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-12-09T00:00:00",
"last_revision_date": "2016-12-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-008 du 08 d\u00e9cembre 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk ASTERISK-2016-009du 08 d\u00e9cembre 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
}
],
"reference": "CERTFR-2016-AVI-403",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-009 du 08 d\u00e9cembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-008 du 08 d\u00e9cembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-302
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source antérieures à 11.23.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.8 antérieures à 13.8-cert3 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 11.6-cert15 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.X antérieures à 13.11.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source ant\u00e9rieures \u00e0 11.23.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.8 ant\u00e9rieures \u00e0 13.8-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert15",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.X ant\u00e9rieures \u00e0 13.11.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-09-09T00:00:00",
"last_revision_date": "2016-09-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-007 du 08 septembre 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-006 du 08 septembre 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
}
],
"reference": "CERTFR-2016-AVI-302",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-007 du 08 septembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-006 du 08 septembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-046
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions 1.8.x | ||
| Asterisk | Asterisk | Asterisk Open Source versions 13.x antérieures à 13.7.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk version 1.8.28 | ||
| Asterisk | Asterisk | Asterisk Open Source versions 12.x | ||
| Asterisk | Asterisk | Asterisk Open Source versions 11.x antérieures à 11.21.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 13.1 antérieures à 13.1-cert3 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions 11.6 antérieures à 11.6-cert12 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions 1.8.x",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 13.x ant\u00e9rieures \u00e0 13.7.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk version 1.8.28",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 12.x",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions 11.x ant\u00e9rieures \u00e0 11.21.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 13.1 ant\u00e9rieures \u00e0 13.1-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions 11.6 ant\u00e9rieures \u00e0 11.6-cert12",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-02-04T00:00:00",
"last_revision_date": "2016-02-04T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-002 du 03 f\u00e9vrier 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-003 du 03 f\u00e9vrier 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-001 du 03 f\u00e9vrier 2016",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
}
],
"reference": "CERTFR-2016-AVI-046",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-003 du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-002 du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2016-001 du 03 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2015-AVI-179
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans les produits Asterisk. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 1.8.28-cert5 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 11.17.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 12.8.2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 1.8.32.3 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 11.6-cert11 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 13.1-cert2 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 13.3.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 1.8.28-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 11.17.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 12.8.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 1.8.32.3",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert11",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 13.1-cert2",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 13.3.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3008",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3008"
}
],
"initial_release_date": "2015-04-16T00:00:00",
"last_revision_date": "2015-04-16T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-179",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-04-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2015-003 du 08 avril 2015",
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
}
]
}
CERTFR-2015-AVI-046
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Certified Asterisk | versions antérieures à Certified Asterisk 1.8.28-cert4 | ||
| Asterisk | Asterisk | versions antérieures à Asterisk Open Source 12.8.1 | ||
| Asterisk | Asterisk | versions antérieures à Asterisk Open Source 1.8.32.2 | ||
| Asterisk | Asterisk | versions antérieures à Asterisk Open Source 11.15.1 | ||
| Asterisk | Asterisk | Versions antérieures à Asterisk Open Source 13.1.1 | ||
| Asterisk | Certified Asterisk | versions antérieures à Certified Asterisk 11.6-cert10 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 Certified Asterisk 1.8.28-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Asterisk Open Source 12.8.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Asterisk Open Source 1.8.32.2",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Asterisk Open Source 11.15.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 Asterisk Open Source 13.1.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Certified Asterisk 11.6-cert10",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8150",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8150"
}
],
"initial_release_date": "2015-01-30T00:00:00",
"last_revision_date": "2015-01-30T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2015-002 du 28 janvier 2015",
"url": "http://downloads.asterisk.org/pub/security/AST-2015-002.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2015-001 du 28 janvier 2015",
"url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
}
],
"reference": "CERTFR-2015-AVI-046",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2015-002 du 28 janvier 2015",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2015-001 du 28 janvier 2015",
"url": null
}
]
}
CERTFR-2014-AVI-493
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 11.14.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 11.6-cert8 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 13.0.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 1.8.28-cert3 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 1.8.32.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 12.7.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 11.14.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert8",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 13.0.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 1.8.28-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 1.8.32.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 12.7.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8415",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8415"
},
{
"name": "CVE-2014-8414",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8414"
},
{
"name": "CVE-2014-8416",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8416"
},
{
"name": "CVE-2014-8413",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8413"
},
{
"name": "CVE-2014-8417",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8417"
},
{
"name": "CVE-2014-8418",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8418"
},
{
"name": "CVE-2014-8412",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8412"
}
],
"initial_release_date": "2014-11-24T00:00:00",
"last_revision_date": "2014-11-24T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-493",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk du 20 novembre 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.pdf"
}
]
}
CERTFR-2014-AVI-394
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 12.5.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert6",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 11.12.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-6609",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6609"
},
{
"name": "CVE-2014-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6610"
}
],
"initial_release_date": "2014-09-19T00:00:00",
"last_revision_date": "2014-09-19T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-010 du 18 septembre 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-009 du 18 septembre 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
}
],
"reference": "CERTFR-2014-AVI-394",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-009 du 18 septembre 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-010 du 18 septembre 2014",
"url": null
}
]
}
CERTFR-2014-AVI-289
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 1.8.28.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 11.10.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 1.8.15-cert6 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 12.3.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 11.6-cert3 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 1.8.28.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 11.10.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 1.8.15-cert6",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 12.3.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4046"
},
{
"name": "CVE-2014-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4048"
},
{
"name": "CVE-2014-4045",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4045"
},
{
"name": "CVE-2014-4047",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4047"
}
],
"initial_release_date": "2014-06-30T00:00:00",
"last_revision_date": "2014-06-30T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-289",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-007 du 12 juin 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-005 du 12 juin 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-005.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-006 du 12 juin 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-008 du 12 juin 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-008.pdf"
}
]
}
CERTFR-2014-AVI-125
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 1.8.26.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 11.8.1 | ||
| Asterisk | Asterisk | Asterisk Open Source versions antérieures à 12.1.1 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 1.8.15-cert5 | ||
| Asterisk | Certified Asterisk | Certified Asterisk versions antérieures à 11.6-cert2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 1.8.26.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 11.8.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Asterisk Open Source versions ant\u00e9rieures \u00e0 12.1.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 1.8.15-cert5",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Certified Asterisk versions ant\u00e9rieures \u00e0 11.6-cert2",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2286"
},
{
"name": "CVE-2014-2288",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2288"
},
{
"name": "CVE-2014-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2287"
}
],
"initial_release_date": "2014-03-13T00:00:00",
"last_revision_date": "2014-03-13T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-125",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-001 du 10 mars 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-003 du 10 mars 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2014-002 du 10 mars 2014",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
}
]
}
CERTA-2013-AVI-680
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Asterisk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Asterisk | Asterisk | Versions antérieures à Asterisk Open Source 1.8.24.1 | ||
| Asterisk | Asterisk | Versions antérieures à Asterisk Open Source 10.12.4 | ||
| Asterisk | Certified Asterisk | Versions antérieures à Certified Asterisk 1.8.15-cert4 | ||
| Asterisk | Certified Asterisk | Versions antérieures à Certified Asterisk 11.2-cert3 | ||
| Asterisk | Asterisk | Versions antérieures à Asterisk avec Digiumphones 10.12.4-digiumphones | ||
| Asterisk | Asterisk | Versions antérieures à Asterisk Open Source 11.6.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions ant\u00e9rieures \u00e0 Asterisk Open Source 1.8.24.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 Asterisk Open Source 10.12.4",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 Certified Asterisk 1.8.15-cert4",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 Certified Asterisk 11.2-cert3",
"product": {
"name": "Certified Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 Asterisk avec Digiumphones 10.12.4-digiumphones",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 Asterisk Open Source 11.6.1",
"product": {
"name": "Asterisk",
"vendor": {
"name": "Asterisk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-7100",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7100"
}
],
"initial_release_date": "2013-12-18T00:00:00",
"last_revision_date": "2013-12-18T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2013-006 du 16 d\u00e9cembre 2013",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2013-007 du 16 d\u00e9cembre 2013",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-007.html"
}
],
"reference": "CERTA-2013-AVI-680",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAsterisk\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2013-007 du 16 d\u00e9cembre 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2013-006 du 16 d\u00e9cembre 2013",
"url": null
}
]
}