Improper Authentication in freeswitch - CVE-2021-37624
Published: October 25, 2021 / Updated: May 15, 2026
freeswitch
Detailed vulnerability description
The vulnerability allows a remote attacker to spoof chat messages.
The vulnerability exists due to improper authentication in SIP MESSAGE request handling when relaying SIP MESSAGE requests to registered SIP user agents. A remote attacker can send a specially crafted SIP MESSAGE request to spoof chat messages.
Only systems using the default configuration with unauthenticated MESSAGE handling are vulnerable.