Businesses using open-source Asterisk-based IP PBXs should check whether to update the software version they are using in order to rid themselves of vulnerabilities that could compromise the systems.

Exploiting the two vulnerabilities can lead to buffer overflow attacks, hijacked calls and allow attackers to make unauthenticated calls.

The Asterisk Development Team has issued patches for four versions of Asterisk affected by vulnerabilities.

No actual exploits based on the vulnerabilities has been reported.

Open source Asterisk is free for download and is also used as the basis for commercial PBXs and peripheral software such as call centers. The creators of this PBX sell a commercial version under the name Digium.