ID

VAR-202110-1371


CVE

CVE-2021-41158


TITLE

FreeSWITCH information leakage vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-014049

DESCRIPTION

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response, which is based on the password of the targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff FreeSWITCH's network traffic, to exploit this issue. Instead, the attack requires the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm, which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code that handles challenges, `sofia_reg_handle_sip_r_challenge()` in `sofia_reg.c`, which does not check whether the challenge originates from the actual gateway. The lack of these checks allows arbitrary UACs (and gateways) to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 1.10.7. Maintainers recommend creating an association between a SIP session for each gateway and its realm, and checking this association when responding to challenges. FreeSWITCH contains a vulnerability related to information leakage. Information may be obtained.

Trust: 1.8

sources: NVD: CVE-2021-41158 // JVNDB: JVNDB-2021-014049 // VULHUB: VHN-402381 // VULMON: CVE-2021-41158

AFFECTED PRODUCTS

vendor: freeswitch, model: freeswitch, scope: lt, version: 1.10.7

Trust: 1.0

vendor: freeswitch, model: freeswitch, scope: eq, version: -

Trust: 0.8

vendor: freeswitch, model: freeswitch, scope: eq, version: 1.10.7

Trust: 0.8

sources: JVNDB: JVNDB-2021-014049 // NVD: CVE-2021-41158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41158
value: HIGH

Trust: 1.0

security-advisories@github.com: CVE-2021-41158
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-41158
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-1762
value: HIGH

Trust: 0.6

VULHUB: VHN-402381
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-41158
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-402381
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-41158
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security-advisories@github.com: CVE-2021-41158
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-41158
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-402381 // JVNDB: JVNDB-2021-014049 // CNNVD: CNNVD-202110-1762 // NVD: CVE-2021-41158 // NVD: CVE-2021-41158

PROBLEMTYPE DATA

problemtype:CWE-346

Trust: 1.1

problemtype:CWE-200

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

sources: VULHUB: VHN-402381 // JVNDB: JVNDB-2021-014049 // NVD: CVE-2021-41158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1762

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1762

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-402381

PATCH

title: FreeSWITCH v1.10.7 Release GitHub
url: https://github.com/signalwire/freeswitch/releases/tag/v1.10.7

Trust: 0.8

title: FreeSWITCH Repair measures for information disclosure vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=168567

Trust: 0.6

sources: JVNDB: JVNDB-2021-014049 // CNNVD: CNNVD-202110-1762

EXTERNAL IDS

db: NVD, id: CVE-2021-41158

Trust: 3.4

db: JVNDB, id: JVNDB-2021-014049

Trust: 0.8

db: PACKETSTORM, id: 164622

Trust: 0.7

db: CNNVD, id: CNNVD-202110-1762

Trust: 0.6

db: VULHUB, id: VHN-402381

Trust: 0.1

db: VULMON, id: CVE-2021-41158

Trust: 0.1

sources: VULHUB: VHN-402381 // VULMON: CVE-2021-41158 // JVNDB: JVNDB-2021-014049 // CNNVD: CNNVD-202110-1762 // NVD: CVE-2021-41158

REFERENCES

url:http://seclists.org/fulldisclosure/2021/oct/40

Trust: 2.5

url:https://github.com/signalwire/freeswitch/security/advisories/ghsa-3v3f-99mv-qvj4

Trust: 1.7

url:https://github.com/signalwire/freeswitch/releases/tag/v1.10.7

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-41158

Trust: 1.4

url:https://packetstormsecurity.com/files/164622/freeswitch-1.10.6-sip-digest-leak.html

Trust: 0.6

url:http://seclists.org/oss-sec/2021/q4/49

Trust: 0.1

sources: VULHUB: VHN-402381 // VULMON: CVE-2021-41158 // JVNDB: JVNDB-2021-014049 // CNNVD: CNNVD-202110-1762 // NVD: CVE-2021-41158

SOURCES

db: VULHUB, id: VHN-402381
db: VULMON, id: CVE-2021-41158
db: JVNDB, id: JVNDB-2021-014049
db: CNNVD, id: CNNVD-202110-1762
db: NVD, id: CVE-2021-41158

LAST UPDATE DATE

2024-08-14T14:25:09.222000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-402381, date: 2022-10-24T00:00:00
db: JVNDB, id: JVNDB-2021-014049, date: 2022-10-03T07:29:00
db: CNNVD, id: CNNVD-202110-1762, date: 2022-10-25T00:00:00
db: NVD, id: CVE-2021-41158, date: 2022-10-24T16:06:20.397

SOURCES RELEASE DATE

db: VULHUB, id: VHN-402381, date: 2021-10-26T00:00:00
db: JVNDB, id: JVNDB-2021-014049, date: 2022-10-03T00:00:00
db: CNNVD, id: CNNVD-202110-1762, date: 2021-10-25T00:00:00
db: NVD, id: CVE-2021-41158, date: 2021-10-26T14:15:08.007