CVE-2024-35190

CVSS V2 None CVSS V3 None

Description

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Overview

CVE ID
CVE-2024-35190

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-05-17T16:55:41.346Z

Last Modified Date
2024-05-17T16:55:41.346Z

Weakness Enumerations

CWE	URL
CWE-303	http://cwe.mitre.org/data/definitions/303.html
CWE-480	http://cwe.mitre.org/data/definitions/480.html
CWE-670	http://cwe.mitre.org/data/definitions/670.html

References

Reference URL	Reference Tags
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9	x_refsource_CONFIRM
https://github.com/asterisk/asterisk/pull/600	x_refsource_MISC
https://github.com/asterisk/asterisk/pull/602	x_refsource_MISC
https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-35190
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35190

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 13:19:31				Added to TrackCVE