{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/certified-asterisk-versions-22.x/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-25994"},{"cvss":7.5,"id":"CVE-2026-28799"},{"cvss":8.1,"id":"CVE-2026-32942"}],"_cs_exploited":false,"_cs_products":["Asterisk versions 20.18.x","Asterisk versions 21.12.x","Asterisk versions 22.8.x","Asterisk versions 23.2.x","certified-asterisk versions 20.x","certified-asterisk versions 22.x"],"_cs_severities":["medium"],"_cs_tags":["asterisk","voip","denial-of-service"],"_cs_type":"advisory","_cs_vendors":["Asterisk"],"content_html":"\u003cp\u003eOn May 6, 2026, CERT-FR published an advisory regarding multiple vulnerabilities in Asterisk, a widely-used open-source framework for building communications applications. The vulnerabilities, detailed in Asterisk security advisories GHSA-f948-v379-526c, GHSA-rrfc-6662-c6hm, GHSA-x2f3-ccvh-2rr2, and GHSA-x6qg-jfj6-6f93, can be exploited by a remote attacker to trigger a denial of service (DoS) condition. The affected versions include multiple branches of Asterisk, specifically versions 20.18.x prior to 20.19.0, 21.12.x prior to 21.12.2, 22.8.x prior to 22.9.0, 23.2.x prior to 23.3.0, certified-asterisk versions 20.x prior to 20.7-cert10, and certified-asterisk versions 22.x prior to 22.8-cert2. 
These vulnerabilities pose a significant risk to organizations relying on Asterisk for their communication infrastructure, as successful exploitation can disrupt critical services.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eWhile specific exploitation details are not provided, the general attack chain for a denial-of-service vulnerability typically follows these steps:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eReconnaissance:\u003c/strong\u003e The attacker identifies a target Asterisk server and determines its version.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Identification:\u003c/strong\u003e The attacker confirms the presence of one of the disclosed vulnerabilities in the target Asterisk version.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploit Selection:\u003c/strong\u003e The attacker selects or crafts a suitable exploit for the identified vulnerability.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploit Delivery:\u003c/strong\u003e The attacker sends a malicious request to the Asterisk server. 
The nature of this request depends on the specific vulnerability being exploited.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Trigger:\u003c/strong\u003e The malicious request triggers a flaw in Asterisk\u0026rsquo;s code, such as a buffer overflow, excessive resource consumption, or a crash.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial of Service:\u003c/strong\u003e The Asterisk server becomes unresponsive or crashes due to the triggered vulnerability, leading to a denial of service for legitimate users.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eService Disruption:\u003c/strong\u003e Users are unable to make or receive calls, access voicemail, or utilize other Asterisk-based services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities leads to a denial-of-service condition, disrupting communication services reliant on Asterisk. The advisory does not specify the number of victims or sectors targeted. However, given the widespread use of Asterisk in various industries, including telecommunications, healthcare, and customer service, the impact could be significant. A successful attack can result in business disruption, financial losses, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Asterisk to the latest patched version. Specifically, upgrade Asterisk versions 20.18.x to 20.19.0 or later, 21.12.x to 21.12.2 or later, 22.8.x to 22.9.0 or later, 23.2.x to 23.3.0 or later, certified-asterisk versions 20.x to 20.7-cert10 or later, and certified-asterisk versions 22.x to 22.8-cert2 or later, as detailed in the advisory.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious patterns indicative of denial-of-service attacks targeting Asterisk servers. 
Deploy network intrusion detection systems (NIDS) with signatures to detect known Asterisk exploit attempts.\u003c/li\u003e\n\u003cli\u003eReview Asterisk server logs for error messages or unusual activity that might indicate a vulnerability exploitation attempt. Enable verbose logging to capture detailed information about incoming requests and server responses.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T00:00:00Z","date_published":"2026-05-06T00:00:00Z","id":"/briefs/2026-05-asterisk-dos/","summary":"Multiple vulnerabilities in Asterisk versions 20.18.x before 20.19.0, 21.12.x before 21.12.2, 22.8.x before 22.9.0, 23.2.x before 23.3.0, certified-asterisk 20.x before 20.7-cert10, and certified-asterisk 22.x before 22.8-cert2 allow a remote attacker to cause a denial of service.","title":"Multiple Vulnerabilities in Asterisk Allow for Remote Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-05-asterisk-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Certified-Asterisk Versions 22.x","version":"https://jsonfeed.org/version/1.1"}