CVE-2021-41145 – FreeSWITCH susceptible to Denial of Service via SIP flooding
https://notcve.org/view.php?id=CVE-2021-41145
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS.
References:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.7
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
Weaknesses:
CWE-400: Uncontrolled Resource Consumption
CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2021-41158 – FreeSWITCH vulnerable to SIP digest leak for configured gateways
https://notcve.org/view.php?id=CVE-2021-41158
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response, which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH server's network traffic, to exploit this issue.
References:
http://seclists.org/fulldisclosure/2021/Oct/40
https://github.com/signalwire/freeswitch/releases/tag/v1.10.7
https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
Weaknesses:
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-346: Origin Validation Error
CVE-2021-37624 – FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing
https://notcve.org/view.php?id=CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the `auth-messages` parameter to `true`, it is not the default setting.
References:
http://packetstormsecurity.com/files/164628/FreeSWITCH-1.10.6-Missing-SIP-MESSAGE-Authentication.html
http://seclists.org/fulldisclosure/2021/Oct/44
http://www.openwall.com/lists/oss-security/2021/10/25/6
https://github.com/signalwire/freeswitch/releases/tag/v1.10.7
https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
Weaknesses:
CWE-287: Improper Authentication
CWE-306: Missing Authentication for Critical Function
CVE-2021-36513
https://notcve.org/view.php?id=CVE-2021-36513
An issue was discovered in the function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, which may allow attackers to view sensitive information due to an uninitialized value.
References:
https://github.com/signalwire/freeswitch/issues/1245
https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
https://newreleases.io/project/github/signalwire/freeswitch/release/v1.10.6
Weaknesses:
CWE-909: Missing Initialization of Resource
CVE-2018-19911
https://notcve.org/view.php?id=CVE-2018-19911
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of "works" for the freeswitch account can sometimes be used.
References:
https://github.com/iSafeBlue/freeswitch_rce/blob/master/README-en.md
https://github.com/iSafeBlue/freeswitch_rce/blob/master/freeswitch_rce.py
Weaknesses:
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-352: Cross-Site Request Forgery (CSRF)