Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Digium Asterisk Open Source和Certified Asterisk 安全漏洞
Vulnerability Description
Digium Asterisk Open Source和Certified Asterisk都是美国Digium公司的开源电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk Open Source和Certified Asterisk中存在安全漏洞。攻击者可利用该漏洞枚举用户名称。以下产品和版本受到影响:Asterisk Open Source 13.21.1之前的13.x版本,14.7.7之前的14.x版本,15.4.1之前的15
CVSS Information
N/A
Vulnerability Type
N/A