Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-bk8r-brkr-bqc6
Vulnerability ID VCID-bk8r-brkr-bqc6
Aliases CVE-2023-49786
Summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-703 Improper Check or Handling of Exceptional Conditions
System Score Found at
cvssv3.1 7.5 http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
ssvc Track http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-49786
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2023/Dec/24
ssvc Track http://seclists.org/fulldisclosure/2023/Dec/24
cvssv3.1 7.5 https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
ssvc Track https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
cvssv3.1 7.5 https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
ssvc Track https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
cvssv3.1 7.5 https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
ssvc Track https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2023/12/15/7
ssvc Track http://www.openwall.com/lists/oss-security/2023/12/15/7
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-49786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
1059033 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033
24 http://seclists.org/fulldisclosure/2023/Dec/24
7 http://www.openwall.com/lists/oss-security/2023/12/15/7
Asterisk-20.1.0-Denial-Of-Service.html http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
d7d7764cb07c8a1872804321302ef93bf62cba05 https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
ES2023-01-asterisk-dtls-hello-race https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
GHSA-hxj9-xwr8-w8pq https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
GLSA-202412-03 https://security.gentoo.org/glsa/202412-03
msg00019.html https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/ Found at http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2023/Dec/24
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/ Found at http://seclists.org/fulldisclosure/2023/Dec/24
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/ Found at https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/ Found at https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/ Found at https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/ Found at https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2023/12/15/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/ Found at http://www.openwall.com/lists/oss-security/2023/12/15/7
Exploit Prediction Scoring System (EPSS)
Percentile 0.26846
EPSS Score 0.00097
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:00.929383+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202412-03 38.0.0