Improper Authentication in freeswitch - CVE-2021-41157
Published: October 25, 2021 / Updated: May 15, 2026
freeswitch
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper authentication in SIP SUBSCRIBE request handling when processing SIP SUBSCRIBE requests. A remote attacker can send a crafted SIP SUBSCRIBE request to disclose sensitive information.
Only systems running with the default configuration are vulnerable.