Published: 25/10/2021 Updated: 12/08/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freeswitch freeswitch

FreeSWITCH versions 1106 and below suffer from a SIP flooding denial of service vulnerability ...

CWE-401 https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m https://github.com/signalwire/freeswitch/releases/tag/v1.10.7 https://nvd.nist.gov https://packetstormsecurity.com/files/164624/FreeSWITCH-1.10.6-SIP-Flooding-Denial-Of-Service.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-41145

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect