SB2021102530 - Multiple vulnerabilities in freeswitch




Published: October 25, 2021 Updated: May 15, 2026

Security Bulletin ID: SB2021102530
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

High: 20%, Medium: 80%

Description

This security bulletin contains information about 5 vulnerabilities.


1) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2021-41105)

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper handling of SRTP error thresholds in switch_rtp.c when processing specially crafted SRTP packets. A remote attacker can flood a media port with invalid SRTP packets to cause a denial of service.

The issue can terminate ongoing SRTP calls and was reproduced with both SDES key exchange in SIP environments and DTLS key exchange in WebRTC environments.


2) Improper Authentication (CVE-ID: CVE-2021-41157)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper authentication when processing SIP SUBSCRIBE requests. A remote attacker can send a crafted SIP SUBSCRIBE request to disclose sensitive information.

Only systems running with the default configuration are vulnerable.


3) Improper Authentication (CVE-ID: CVE-2021-37624)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to spoof chat messages.

The vulnerability exists due to improper authentication when relaying SIP MESSAGE requests to registered SIP user agents. A remote attacker can send a specially crafted SIP MESSAGE request to spoof chat messages.

Only systems using the default configuration with unauthenticated MESSAGE handling are vulnerable.


4) Resource exhaustion (CVE-ID: CVE-2021-41145)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the SIP message handling functionality. A remote attacker can send a flood of SIP messages to cause a denial of service.

The issue can be triggered without authentication over UDP, TCP, or TLS, and may result in the process being killed by the operating system due to memory exhaustion.


5) Improper access control (CVE-ID: CVE-2021-41158)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper access control in the SIP request handling logic when processing crafted SIP authentication challenges. A remote attacker can send a specially crafted SIP challenge with the realm set to that of a configured gateway to disclose sensitive information.

One demonstrated attack path involves initiating a call to a directory number, which in the default configuration may be reachable through the external SIP profile without authentication.


Remediation

Install the update from the vendor's website.