Skip to main content
CVE-2017-14100 CRITICAL PATCH Act Now

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.6%.

Command Injection Asterisk Certified Asterisk
NVD
CVSS 3.0
9.8
EPSS
33.6%
CVE-2017-14098 HIGH PATCH Act Now

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 40.1%.

Denial Of Service Asterisk
NVD
CVSS 3.0
7.5
EPSS
40.1%
CVE-2017-14099 HIGH PATCH This Week

In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Asterisk Certified Asterisk
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-14114 MEDIUM This Month

RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Rtpproxy
NVD
CVSS 3.0
6.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy