Every CVE whose affected-product data names Sangoma Asterisk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2024-57520 — CVSS 9.8 (critical): Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function…
CVE-2022-21723 — CVSS 9.1 (critical): PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP…
CVE-2012-2186 — CVSS 9.0 (critical): Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified…
CVE-2022-23608 — CVSS 8.1 (high): PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP…
CVE-2025-1131 — CVSS 7.8 (high): A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is…
CVE-2025-47780 — CVSS 7.8 (high): Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions…
CVE-2009-2346 — CVSS 7.8 (high): The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x…
CVE-2025-47779 — CVSS 7.7 (high): Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions…
CVE-2025-57767 — CVSS 7.5 (high): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request…
CVE-2022-37325 — CVSS 7.5 (high): In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to…
CVE-2017-9358 — CVSS 7.5 (high): A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13…
CVE-2021-37706 — CVSS 7.3 (high): PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP…
CVE-2022-42705 — CVSS 6.5 (medium): A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated…
CVE-2025-49832 — CVSS 6.5 (medium): Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and…
CVE-2025-54995 — CVSS 6.5 (medium): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and…
CVE-2020-28242 — CVSS 6.5 (medium): An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and…
CVE-2018-12228 — CVSS 6.5 (medium): An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly…
CVE-2024-35190 — CVSS 5.8 (medium): Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are…
CVE-2024-42491 — CVSS 5.7 (medium): Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions…
CVE-2024-53566 — CVSS 5.5 (medium): An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to…
CVE-2020-28327 — CVSS 5.3 (medium): A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x…
CVE-2022-42706 — CVSS 4.9 (medium): An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1…
CVE-2012-2948 — CVSS 4.0 (medium): chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x…
CVE-2026-23738 — CVSS 3.5 (low): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and…
CVE-2026-23739 — CVSS 2.0 (low): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and…
CVE-2026-23740 — CVSS 0.0 (none): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and…
CVE-2026-23741 — CVSS 0.0 (none): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and…