CVE-2021-41105 : FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. When a media port that is handling SRTP traffic is flooded with a specially crafted SRTP packet, the call is terminated leading to denial of service. This issue was reproduced when using the SDES key exchange mechanism in a SIP environment as well as when using the DTLS key exchange mechanism in a WebRTC environment. The call disconnection occurs due to line 6331 in the source file `switch_rtp.c`, which disconnects the call when the total number of SRTP errors reach a hard-coded threshold (100). By abusing this vulnerability, an attacker is able to disconnect any ongoing calls that are using SRTP. The attack does not require authentication or any special foothold in the caller's or the callee's network. This issue is patched in version 1.10.7.

Published 2021-10-25 22:15:08

Updated 2022-08-12 14:48:09

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2021-41105

Probability of exploitation activity in the next 30 days: 0.52%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-41105

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	GitHub, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-41105

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: security-advisories@github.com (Secondary)

References for CVE-2021-41105

https://github.com/signalwire/freeswitch/releases/tag/v1.10.7

Release FreeSWITCH v1.10.7 Release · signalwire/freeswitch · GitHub
Release Notes;Third Party Advisory

CVEs referencing this url
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36

FreeSWITCH susceptible to Denial of Service via invalid SRTP packets · Advisory · signalwire/freeswitch · GitHub
Exploit;Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/43

Full Disclosure: [ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets
Exploit;Mailing List;Third Party Advisory

Products affected by CVE-2021-41105

Freeswitch » Freeswitch
Versions before (<) 1.10.7
cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2021-41105

Exploit prediction scoring system (EPSS) score for CVE-2021-41105

CVSS scores for CVE-2021-41105

CWE ids for CVE-2021-41105

References for CVE-2021-41105

Products affected by CVE-2021-41105