Digium Certified Asterisk 13.21.0 Cert2
Approved changes feed: RSS · Atom
cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*
part: a version: 13.21.0 update: cert2
| Vendor | Digium (05ad29b7-5b41-56d5-935d-a279ab7f14bc) |
|---|---|
| Product | Certified Asterisk (28acf01c-dbb1-5902-9616-b4c28682b220) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:asterisk/telephony/certified-asterisk |
purl2cpe | 2026-06-01 10:15:42.007999 |
pkg:github/asterisk/asterisk |
purl2cpe | 2026-06-01 10:15:42.008001 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-18790 |
vulnerable | 2026-06-08 05:13:12.135291 |
Details available
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
Published: 2019-11-22T16:22:55.000Z
Updated: 2024-08-05T02:02:38.262Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-18610 |
vulnerable | 2026-06-08 05:13:11.690203 |
Details available
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
Published: 2019-11-22T17:31:16.000Z
Updated: 2024-08-05T01:54:14.490Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.