CVE-2024-35190
MEDIUM5.3EPSS 0.18%發布日:2024/5/17修改日:2025/12/3
也稱為:ALPINE-CVE-2024-35190
描述
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
受影響套件(1)
- Alpine/asteriskfrom 0, < 18.24.3-r0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |