Vulnerability Database

317,095

Total vulnerabilities in the database

CVE-2024-35190

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Published: May 17, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-35190
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.8
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-303
CWE-480
CWE-670

Affected Software
References

Software	From	Fixed in
sangoma / asterisk	18.23.0	18.23.0.x
sangoma / asterisk	20.8.0	20.8.0.x
sangoma / asterisk	21.3.0	21.3.0.x

https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
https://github.com/asterisk/asterisk/pull/600
https://github.com/asterisk/asterisk/pull/602
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo