CVE-2020-15260 : PJSIP is a free and open source multimedia communication library written in C la

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. Suppose we have created a TLS connection to `sip.foo.com`, which has an IP address `100.1.1.1`. If we want to create a TLS connection to another hostname, say `sip.bar.com`, which has the same IP address, then it will reuse that existing connection, even though `100.1.1.1` does not have certificate to authenticate as `sip.bar.com`. The vulnerability allows for an insecure interaction without user awareness. It affects users who need access to connections to different destinations that translate to the same address, and allows man-in-the-middle attack if attacker can route a connection to another destination such as in the case of DNS spoofing.

Published 2021-03-10 23:15:12

Updated 2022-07-22 12:49:28

Source GitHub, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-15260

Teluu » Pjsip
Versions up to, including, (<=) 2.10
cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-15260

EPSS FAQ

0.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-15260

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N	2.2	4.0	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: None
6.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N	2.2	4.0	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2020-15260

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Assigned by: nvd@nist.gov (Primary)
CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

Assigned by: security-advisories@github.com (Secondary)

References for CVE-2020-15260

https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph

Existing TLS connections can be reused without checking remote hostname · Advisory · pjsip/pjproject · GitHub
Patch;Third Party Advisory
https://github.com/pjsip/pjproject/pull/2663

Fix secure transport checking by sauwming · Pull Request #2663 · pjsip/pjproject · GitHub
Patch;Third Party Advisory
https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872

Merge pull request from GHSA-8hcp-hm38-mfph · pjsip/pjproject@67e46c1 · GitHub
Patch;Third Party Advisory
https://security.gentoo.org/glsa/202107-42

PJSIP: Multiple vulnerabilities (GLSA 202107-42) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-15260

Products affected by CVE-2020-15260

Exploit prediction scoring system (EPSS) score for CVE-2020-15260

CVSS scores for CVE-2020-15260

CWE ids for CVE-2020-15260

References for CVE-2020-15260