Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-35190

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Published

2024-05-17T17:15:07.067

Last Modified

2025-08-26T16:19:01.210

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-303
CWE-480
CWE-670

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sangoma	asterisk	18.23.0	Yes
Application	sangoma	asterisk	20.8.0	Yes
Application	sangoma	asterisk	21.3.0	Yes

References

https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d Patch ([email protected])
https://github.com/asterisk/asterisk/pull/600 Issue Tracking, Patch ([email protected])
https://github.com/asterisk/asterisk/pull/602 Issue Tracking, Patch ([email protected])
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9 Exploit, Vendor Advisory ([email protected])
https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/asterisk/asterisk/pull/600 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/asterisk/asterisk/pull/602 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)