Home > Vulnerability Database > CVE-2024-35190

Mend.io Vulnerability Database

CVE-2024-35190

Date: May 17, 2024

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Language: C

Severity Score

5.8

Related Resources (8)

Url: https://github.com/asterisk/asterisk/pull/602

Url: https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d

Url: https://security-tracker.debian.org/tracker/CVE-2024-35190

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35190

Url: https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9

Url: https://github.com/asterisk/asterisk/pull/600

Url: https://security.alpinelinux.org/vuln/CVE-2024-35190

Url: https://www.mend.io/vulnerability-database/CVE-2024-35190

Severity Score

5.8

Weakness Type (CWE)

Incorrect Implementation of Authentication Algorithm

CWE-303

Use of Incorrect Operator

CWE-480

Always-Incorrect Control Flow Implementation

CWE-670

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35190

Date: May 17, 2024

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?