GCVE - cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*

part: a version: 13.13.0 update: cert3

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Certified Asterisk (`57dadbdf-496a-598b-b5de-a5360c9eb937`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-42365`	vulnerable	2026-06-03 14:56:36.181955	Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan HIGH (7.4) Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. Published: 2024-08-08T16:29:07.436Z Updated: 2025-11-03T22:04:48.935Z Open on db.gcve.eu Reference links https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44 https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8 https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71 https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-9358`	vulnerable	2026-06-03 14:37:41.473490	Details available A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Published: 2017-06-02T05:04:00.000Z Updated: 2024-08-05T17:02:44.392Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1038531 http://www.securityfocus.com/bid/98573 http://downloads.asterisk.org/pub/security/AST-2017-004.txt https://bugs.debian.org/863906	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Asterisk Certified Asterisk 13.13.0 Cert3

PURL mappings

Vulnerability references

Contribute