Vulnerability Details : CVE-2021-41157
Potential exploit
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.
Vulnerability category: BypassGain privilege
Products affected by CVE-2021-41157
- cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41157
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41157
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
GitHub, Inc. |
CWE ids for CVE-2021-41157
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: security-advisories@github.com (Secondary)
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-41157
-
https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e
[Default-Configuration] Force sip subscription requests to require au… · signalwire/freeswitch@b21dd4e · GitHubPatch;Third Party Advisory
-
https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default · Advisory · signalwire/freeswitch · GitHubExploit;Third Party Advisory
-
http://seclists.org/fulldisclosure/2021/Oct/41
Full Disclosure: [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by defaultMailing List;Third Party Advisory
-
https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
Release FreeSWITCH v1.10.6 Release · signalwire/freeswitch · GitHubRelease Notes;Third Party Advisory
Jump to