HomePentest-Tools.com Logo

FreeSWITCH < 1.10.7 Multiple Vulnerabilities CVE-2021-37624CVE-2021-41105CVE-2021-41145CVE-2021-41157CVE-2021-41158

Severity
CVSSv3 Score
7.5
Vulnerability description

FreeSWITCH is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist: - CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing - CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid SRTP packets - CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding - CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default - CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways

Recommendation

Update to version 1.10.7 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 25, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available