CVE-2024-35190 — MEDIUM (5.8)

Vulnerability Description

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sangoma	Asterisk	18.23.0

Related Weaknesses (CWE)

CWE-670 CWE-480 CWE-303

References

https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aePatch
https://github.com/asterisk/asterisk/pull/600Issue TrackingPatch
https://github.com/asterisk/asterisk/pull/602Issue TrackingPatch
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9ExploitVendor Advisory
https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aePatch
https://github.com/asterisk/asterisk/pull/600Issue TrackingPatch
https://github.com/asterisk/asterisk/pull/602Issue TrackingPatch
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9ExploitVendor Advisory

FAQ

What is CVE-2024-35190?

CVE-2024-35190 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulner...

How severe is CVE-2024-35190?

CVE-2024-35190 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-35190?

Check the references section above for vendor advisories and patch information. Affected products include: Sangoma Asterisk.