Asterisk Vulnerabilities


The following list includes some of the most critical Asterisk vulnerabilities known to the security community. If you find that anything is missing from this list, please let us know and we will update it as soon as possible.
  1. Asterisk Manager User Shell Access Permission Escalation Vulnerability
  2. Asterisk Manager File Descriptor Resource Exhaustion Vulnerability
  3. Asterisk Invalid Parsing of ACL Rules Can Compromise Security
  4. Asterisk Dialplan Injection Vulnerability
  5. Asterisk T.38 Remote Crash Vulnerability
  6. Asterisk ACL check Vulnerability
  7. Asterisk IAX2 Call Number Resource Exhaustion
  8. Asterisk Open Source Crash Vulnerability in RTP stack
  9. Asterisk Multiple Vulnerabilities
  10. Asterisk SIP Responses Expose Valid Usernames
  11. Asterisk IAX "POKE" Resource Exhaustion
  12. Ooh323 Channel Driver Crash Vulnerability
  13. Asterisk Crash Vulnerability In SIP Channel Driver When run in Pedantic Mode
  14. IAX2 Incomplete 3-Way Handshake (Spoofing)
  15. Asterisk Multiple RTP Buffer Overflows
  16. RTP Codec Payload Handling Two Buffer Overflows
  17. Asterisk SIP Channel Driver Unauthenticated Calls
  18. Asterisk Logger and Manager Format String Vulnerability
  19. SIP Channel Driver BYE Vulnerability
  20. res_config_pgsql SQL Injection Issue
  21. cdr_pgsql SQL Injection Issue
  22. Asterisk cdr_addon_mysql SQL Injection Vulnerability
  23. IMAP Storage Buffer Overflows in Asterisk's Voicemail
  24. Resource Exhaustion Vulnerability in Asterisk SIP Channel Driver
  25. Skinny Channel Driver DoS
  26. IAX2 Channel Driver Resource Exhaustion Vulnerability
  27. Stack Buffer Overflow in Asterisk's IAX2 Channel Driver
  28. Remote Crash Vulnerability in Asterisk's IAX2 Channel Driver
  29. Remote Crash Vulnerability in Asterisk's Skinny Channel Driver
  30. Remote Crash Vulnerability in Asterisk's STUN Implementation
  31. Multiple Unauthenticated Stack Overflows in Asterisk Chan_sip.c (STP)
  32. IAX2 Users can Cause Unauthorized Data Disclosure
  33. Asterisk SIP Denial Of Service Vulnerability (INVITE)
  34. Asterisk SIP DoS Vulnerability (Empty REGISTER)
  35. Asterisk Skinny Unauthenticated Heap Overflow
  36. Asterisk Skinny Heap Overflow (PoC)
  37. Asterisk Multiple Vulnerabilities (AUEP and Record)
  38. Asterisk IAX2 Video Frame Buffer Overflow
  39. Asterisk Manager Interface Buffer Overflow Vulnerability