Details of VAR-202110-0919

ID

VAR-202110-0919

CVE

CVE-2021-36513

TITLE

SignalWire freeswitch Vulnerability in resource initialization deficiency in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013920

DESCRIPTION

An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value. SignalWire freeswitch Exists in a flaw in resource initialization.Information may be obtained. FreeSWITCH is a set of free and open source communication software developed by the individual developer Anthony Minesale in the United States. The software can be used to create audio, video and short message products and applications

Trust: 1.8

sources: NVD: CVE-2021-36513 // JVNDB: JVNDB-2021-013920 // VULHUB: VHN-397762 // VULMON: CVE-2021-36513

AFFECTED PRODUCTS

vendor:	signalwire	model:	freeswitch	scope:	lt	version:	1.10.6	Trust: 1.0
vendor:	freeswitch	model:	freeswitch	scope:	eq	version:	-	Trust: 0.8
vendor:	freeswitch	model:	freeswitch	scope:	eq	version:	1.10.6	Trust: 0.8

sources: JVNDB: JVNDB-2021-013920 // NVD: CVE-2021-36513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36513
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-36513
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-1263
value:	HIGH
Trust: 0.6
VULHUB:	VHN-397762
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-36513
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36513
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-397762
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36513
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36513
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-397762 // VULMON: CVE-2021-36513 // JVNDB: JVNDB-2021-013920 // CNNVD: CNNVD-202110-1263 // NVD: CVE-2021-36513

PROBLEMTYPE DATA

problemtype:	CWE-909	Trust: 1.1
problemtype:	Inadequate resource initialization (CWE-909) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-397762 // JVNDB: JVNDB-2021-013920 // NVD: CVE-2021-36513

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1263

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1263

PATCH

title:	Usage-of-uninitialized value #1245 GitHub	url:	https://github.com/signalwire/freeswitch/issues/1245	Trust: 0.8
title:	FreeSWITCH Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167098	Trust: 0.6

sources: JVNDB: JVNDB-2021-013920 // CNNVD: CNNVD-202110-1263

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36513	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-013920	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-1263	Trust: 0.7
db:	VULHUB	id:	VHN-397762	Trust: 0.1
db:	VULMON	id:	CVE-2021-36513	Trust: 0.1

sources: VULHUB: VHN-397762 // VULMON: CVE-2021-36513 // JVNDB: JVNDB-2021-013920 // CNNVD: CNNVD-202110-1263 // NVD: CVE-2021-36513

REFERENCES

url:	https://newreleases.io/project/github/signalwire/freeswitch/release/v1.10.6	Trust: 2.6
url:	https://github.com/signalwire/freeswitch/releases/tag/v1.10.6	Trust: 1.8
url:	https://github.com/signalwire/freeswitch/issues/1245	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36513	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/909.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-397762 // VULMON: CVE-2021-36513 // JVNDB: JVNDB-2021-013920 // CNNVD: CNNVD-202110-1263 // NVD: CVE-2021-36513

SOURCES

db:	VULHUB	id:	VHN-397762
db:	VULMON	id:	CVE-2021-36513
db:	JVNDB	id:	JVNDB-2021-013920
db:	CNNVD	id:	CNNVD-202110-1263
db:	NVD	id:	CVE-2021-36513

LAST UPDATE DATE

2024-08-14T14:44:15.525000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-397762	date:	2021-10-22T00:00:00
db:	VULMON	id:	CVE-2021-36513	date:	2021-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-013920	date:	2022-09-29T07:34:00
db:	CNNVD	id:	CNNVD-202110-1263	date:	2021-10-26T00:00:00
db:	NVD	id:	CVE-2021-36513	date:	2021-10-22T15:11:45.757

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-397762	date:	2021-10-18T00:00:00
db:	VULMON	id:	CVE-2021-36513	date:	2021-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-013920	date:	2022-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202110-1263	date:	2021-10-18T00:00:00
db:	NVD	id:	CVE-2021-36513	date:	2021-10-18T17:15:07.913