SB2021102530 - Multiple vulnerabilities in freeswitch
Published: October 25, 2021 Updated: May 15, 2026
Description
This security bulletin contains information about 5 vulnerabilities.
1) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2021-41105)
CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper handling of SRTP error thresholds in switch_rtp.c when processing specially crafted SRTP packets. A remote attacker can flood a media port with invalid SRTP packets to cause a denial of service.
The issue can terminate ongoing SRTP calls and was reproduced with both SDES key exchange in SIP environments and DTLS key exchange in WebRTC environments.
2) Improper Authentication (CVE-ID: CVE-2021-41157)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper authentication when processing SIP SUBSCRIBE requests. A remote attacker can send a crafted SIP SUBSCRIBE request to disclose sensitive information.
Only systems running with the default configuration are vulnerable.
3) Improper Authentication (CVE-ID: CVE-2021-37624)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to spoof chat messages.
The vulnerability exists due to improper authentication when relaying SIP MESSAGE requests to registered SIP user agents. A remote attacker can send a specially crafted SIP MESSAGE request to spoof chat messages.
Only systems using the default configuration with unauthenticated MESSAGE handling are vulnerable.
4) Resource exhaustion (CVE-ID: CVE-2021-41145)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in the SIP message handling functionality. A remote attacker can send a flood of SIP messages to cause a denial of service.
The issue can be triggered without authentication over UDP, TCP, or TLS, and may result in the process being killed by the operating system due to memory exhaustion.
5) Improper access control (CVE-ID: CVE-2021-41158)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in the SIP request handling logic when processing crafted SIP authentication challenges. A remote attacker can send a specially crafted SIP challenge with the realm set to that of a configured gateway to disclose sensitive information.
One demonstrated attack path involves initiating a call to a directory number, which in the default configuration may be reachable through the external SIP profile without authentication.
Remediation
Install the update from the vendor's website.
References
- https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
- https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
- https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
- https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
- https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4