ID

VAR-202405-3659


CVE

CVE-2024-35190


TITLE

Vulnerability related to improper implementation of authentication algorithms in Sangoma Asterisk

Trust: 0.8

sources: JVNDB: JVNDB-2024-027548

DESCRIPTION

Asterisk is an open source private branch exchange and telephony toolkit. After an upgrade to 18.23.0, ALL unauthorized SIP requests are identified as the PJSIP Endpoint of the local Asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. Sangoma Asterisk contains vulnerabilities related to improper implementation of authentication algorithms, vulnerabilities related to the use of operators, and vulnerabilities related to improper implementation of control flow. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2024-35190 // JVNDB: JVNDB-2024-027548

AFFECTED PRODUCTS

vendor: sangoma, model: asterisk, scope: eq, version: 21.3.0

Trust: 1.8

vendor: sangoma, model: asterisk, scope: eq, version: 20.8.0

Trust: 1.8

vendor: sangoma, model: asterisk, scope: eq, version: 18.23.0

Trust: 1.8

vendor: sangoma, model: asterisk, scope: -, version: -

Trust: 0.8

vendor: sangoma, model: asterisk, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-027548 // NVD: CVE-2024-35190

CVSS

SEVERITY

CVSSV2

CVSSV3

security-advisories@github.com: CVE-2024-35190
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-35190
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-35190
value: MEDIUM

Trust: 0.8

security-advisories@github.com: CVE-2024-35190
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-35190
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-35190
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-027548 // NVD: CVE-2024-35190 // NVD: CVE-2024-35190

PROBLEMTYPE DATA

problemtype:CWE-480

Trust: 1.0

problemtype:CWE-303

Trust: 1.0

problemtype:CWE-670

Trust: 1.0

problemtype: Improper implementation of authentication algorithms (CWE-303) [ others ]

Trust: 0.8

problemtype: Incorrect operator usage (CWE-480) [ others ]

Trust: 0.8

problemtype: Consistently bad control flow implementation (CWE-670) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-027548 // NVD: CVE-2024-35190

EXTERNAL IDS

db: NVD, id: CVE-2024-35190

Trust: 2.6

db: JVNDB, id: JVNDB-2024-027548

Trust: 0.8

sources: JVNDB: JVNDB-2024-027548 // NVD: CVE-2024-35190

REFERENCES

url:https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d

Trust: 1.8

url:https://github.com/asterisk/asterisk/pull/600

Trust: 1.8

url:https://github.com/asterisk/asterisk/pull/602

Trust: 1.8

url:https://github.com/asterisk/asterisk/security/advisories/ghsa-qqxj-v78h-hrf9

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-35190

Trust: 0.8

sources: JVNDB: JVNDB-2024-027548 // NVD: CVE-2024-35190

SOURCES

db: JVNDB, id: JVNDB-2024-027548
db: NVD, id: CVE-2024-35190

LAST UPDATE DATE

2025-09-01T23:43:00.102000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-027548, date: 2025-08-27T07:17:00
db: NVD, id: CVE-2024-35190, date: 2025-08-26T16:19:01.210

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-027548, date: 2025-08-27T00:00:00
db: NVD, id: CVE-2024-35190, date: 2024-05-17T17:15:07.067