GCVE - cpe:2.3:a:asterisk:open_source:1.6.2.15:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:open_source:1.6.2.15:*:*:*:*:*:*:*

part: a version: 1.6.2.15 update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Open Source (`8a2c0991-ed09-534c-8225-148908a50b94`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:15:23.436803
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:15:23.436805
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:23.436807
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:15:23.436808
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:15:23.436809

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-2416`	vulnerable	2026-06-03 14:31:53.278480	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel. Published: 2012-04-30T20:00:00.000Z Updated: 2024-08-06T19:34:25.329Z Open on db.gcve.eu Reference links https://issues.asterisk.org/jira/browse/ASTERISK-19770 http://www.securitytracker.com/id?1026963 http://osvdb.org/81456 http://www.securityfocus.com/bid/53205 https://exchange.xforce.ibmcloud.com/vulnerabilities/75101	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2415`	vulnerable	2026-06-03 14:31:53.274703	Details available Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events. Published: 2012-04-30T20:00:00.000Z Updated: 2024-08-06T19:34:24.320Z Open on db.gcve.eu Reference links http://osvdb.org/81455 http://www.debian.org/security/2012/dsa-2460 https://exchange.xforce.ibmcloud.com/vulnerabilities/75102 http://secunia.com/advisories/48941 http://www.securitytracker.com/id?1026962	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2414`	vulnerable	2026-06-03 14:31:53.216288	Details available main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action. Published: 2012-04-30T20:00:00.000Z Updated: 2024-08-06T19:34:25.544Z Open on db.gcve.eu Reference links http://www.debian.org/security/2012/dsa-2460 http://osvdb.org/81454 http://www.securitytracker.com/id?1026961 http://downloads.asterisk.org/pub/security/AST-2012-004.html http://secunia.com/advisories/48941	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.