Jonathan Rose

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 12.x through 12.7.0 Asterisk Open Source versions 13.x through 13.0.0 **Description** The issue concerns the res pjsip acl module, which fails to properly create and load ACLs defined in pjsip.conf at startup. This allows remote attackers to bypass intended PJSIP ACL rules. **Recommendations** For Asterisk Open Source versions 12.x through 12.7.0, update to version 12.7.1 or later. For Asterisk Open Source versions 13.x through 13.0.0, update to version 13.0.1 or later.