Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1t3u-22gq-qucr
Vulnerability ID VCID-1t3u-22gq-qucr
Aliases CVE-2024-35190
Summary Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-303 Incorrect Implementation of Authentication Algorithm
CWE-480 Use of Incorrect Operator
CWE-670 Always-Incorrect Control Flow Implementation
System Score Found at
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-35190
cvssv3.1 5.8 https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
ssvc Track https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
cvssv3.1 5.8 https://github.com/asterisk/asterisk/pull/600
ssvc Track https://github.com/asterisk/asterisk/pull/600
cvssv3.1 5.8 https://github.com/asterisk/asterisk/pull/602
ssvc Track https://github.com/asterisk/asterisk/pull/602
cvssv3.1 5.8 https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
ssvc Track https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-35190
600 https://github.com/asterisk/asterisk/pull/600
602 https://github.com/asterisk/asterisk/pull/602
85241bd22936cc15760fd1f65d16c98be7aeaf6d https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
GHSA-qqxj-v78h-hrf9 https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/ Found at https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/asterisk/asterisk/pull/600
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/ Found at https://github.com/asterisk/asterisk/pull/600
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/asterisk/asterisk/pull/602
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/ Found at https://github.com/asterisk/asterisk/pull/602
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/ Found at https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
Exploit Prediction Scoring System (EPSS)
Percentile 0.56054
EPSS Score 0.00332
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T18:02:18.308851+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/35xxx/CVE-2024-35190.json 38.0.0