#VU69269 Cleartext transmission of sensitive information in pjsip - CVE-2022-39269 

 


Published: November 14, 2022 / Updated: November 24, 2022


Vulnerability identifier: #VU69269
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-39269
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: pjsip
Software vendor: pjsip

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. When processing certain packets, PJSIP may incorrectly switch from the SRTP media transport to basic RTP upon SRTP restart, causing the media to be sent insecurely. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.
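
One way to check a capture for the fallback described above, as an added example that is not from the advisory or from the PJSIP project: in a stream negotiated as SRTP, a packet whose body is exactly one codec frame has no room for the authentication tag, so it was sent as plain RTP. The frame size (G.711 at 20 ms), the 10-byte tag, the absence of an MKI, and the sample packets are assumptions constructed for the illustration.

```python
import struct

# Assumptions (not from the advisory): G.711 at 20 ms ptime gives 160-byte
# frames; the negotiated SRTP suite appends a 10-byte auth tag and no MKI.
FRAME_BYTES = 160
AUTH_TAG_BYTES = 10

def rtp_payload_len(pkt: bytes):
    """Bytes following the RTP header, or None if this is not RTP version 2."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        return None
    header = 12 + 4 * (pkt[0] & 0x0F)        # fixed header plus CSRC list
    if pkt[0] & 0x10:                        # X bit: header extension present
        if len(pkt) < header + 4:
            return None
        ext_words = struct.unpack_from("!H", pkt, header + 2)[0]
        header += 4 + 4 * ext_words
    return len(pkt) - header if len(pkt) >= header else None

def classify(pkt: bytes) -> str:
    """Label a packet from a stream whose signalling negotiated SRTP."""
    n = rtp_payload_len(pkt)
    if n is None:
        return "not-rtp"
    if n == FRAME_BYTES + AUTH_TAG_BYTES:
        return "srtp"                        # frame plus auth tag
    if n == FRAME_BYTES:
        return "cleartext"                   # no room for a tag: plain RTP
    return "unknown"                         # other codec, padding, DTMF, ...

def first_cleartext(packets):
    """Index of the first packet sent without SRTP protection, else None."""
    for i, pkt in enumerate(packets):
        if classify(pkt) == "cleartext":
            return i
    return None

def _pkt(seq, body_len, ext=False):
    """Build a constructed RTP-shaped packet (payload type 0, zeroed body)."""
    hdr = struct.pack("!BBHII", 0x90 if ext else 0x80, 0, seq, seq * 160, 0x1234ABCD)
    if ext:
        hdr += struct.pack("!HH", 0xBEDE, 1) + b"\x00" * 4
    return hdr + bytes(body_len)

# Constructed stream: two protected packets, then two sent without a tag.
SAMPLE = [_pkt(1, 170), _pkt(2, 170, ext=True), _pkt(3, 160), _pkt(4, 160)]

if __name__ == "__main__":
    print("first cleartext packet index:", first_cleartext(SAMPLE))
```
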


Remediation

Install the update from the vendor's website.
