VDB

CVE-2024-42365

CVE-2024-42365 PUBLISHED CVSS 9.300000190734863 CRITICAL

Asterisk ist eine komplette Open Source Multiprotokoll Telefonanlage (PBX) auf Softwarebasis. Certified Asterisk ist eine komplette Multiprotokoll Telefonanlage (PBX) auf Softwarebasis mit erweitertem Support.

EPSS 31.95% · 96.9th percentile

Risk Scores

CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N
EPSS Score
31.95%
96.9th percentile

Affected Products

VendorProductVersions
Open SourceOpen Source Asterisk <20.9.2
Open SourceOpen Source Asterisk <18.24.2
DigiumDigium Certified Asterisk <18.9-cert11
DebianDebian Linux
Open SourceOpen Source Asterisk <21.4.2
FedoraFedora Linux
DigiumDigium Certified Asterisk <20.7-cert2

Timeline

  • Jan 21, 1970 Security Advisory
  • Aug 8, 2024 CVE Published
  • Aug 13, 2024 EPSS Score
  • Sep 24, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 14, 2024 EPSS Score
  • Nov 25, 2024 EPSS Score
  • Dec 2, 2024 PoC Published
  • Dec 3, 2024 PoC Published
  • Dec 3, 2024 EPSS Score
  • Dec 18, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›