CVE-2024-35190

Name: CVE-2024-35190
Description: Asterisk is an open source private branch exchange and telephony toolkit. After an upgrade to 18.23.0, ALL unauthorized SIP requests are identified as the PJSIP endpoint of the local Asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
NVD Severity: medium

References

Type      URI
MISC      https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
MISC      https://github.com/asterisk/asterisk/pull/600
MISC      https://github.com/asterisk/asterisk/pull/602
CONFIRM   https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9

Match rules

CPE URI   Source package   Min version   Max version
          asterisk         >= 0          = 21.3.0
          asterisk         >= 0          = 20.8.0
          asterisk         >= 0          = 18.23.0

Vulnerable and fixed packages

Source package   Branch      Version      Maintainer                       Status
asterisk         3.19-main   20.9.3-r0    Timo Teras <timo.teras@iki.fi>   fixed
asterisk         3.18-main   18.24.3-r0   Timo Teras <timo.teras@iki.fi>   fixed
asterisk         3.17-main   18.24.3-r0   Timo Teras <timo.teras@iki.fi>   fixed