Sangoma Certified Asterisk — known CVE vulnerabilities
Every CVE whose affected-product data names Sangoma Certified Asterisk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-1131 — CVSS 7.8 (high): A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is…
CVE-2025-47780 — CVSS 7.8 (high): Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions…
CVE-2025-47779 — CVSS 7.7 (high): Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions…
CVE-2023-37457 — CVSS 7.5 (high): Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and…
CVE-2023-49786 — CVSS 7.5 (high): Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as…
CVE-2022-42705 — CVSS 6.5 (medium): A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated…
CVE-2025-49832 — CVSS 6.5 (medium): Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and…
CVE-2025-54995 — CVSS 6.5 (medium): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and…
CVE-2024-42491 — CVSS 5.7 (medium): Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions…
CVE-2022-42706 — CVSS 4.9 (medium): An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1…
CVE-2023-49294 — CVSS 4.9 (medium): Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as…
CVE-2026-23738 — CVSS 3.5 (low): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and…
CVE-2026-23739 — CVSS 2.0 (low): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and…
CVE-2026-23741 — CVSS 0.0 (none): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and…
CVE-2026-23740 — CVSS 0.0 (none): Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and…