CVE-2021-41157
Vulnerability from cvelistv5
Published
2021-10-26 13:35
Modified
2024-08-04 02:59
Severity ?
EPSS score ?
Summary
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | signalwire | freeswitch |
Version: < 1.10.6 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:59:31.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6", }, { name: "20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Oct/41", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "freeswitch", vendor: "signalwire", versions: [ { status: "affected", version: "< 1.10.6", }, ], }, ], descriptions: [ { lang: "en", value: "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287: Improper Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-26T16:06:09", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6", }, { name: "20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Oct/41", }, ], source: { advisory: "GHSA-g7xg-7c54-rmpj", discovery: "UNKNOWN", }, title: "FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-41157", STATE: "PUBLIC", TITLE: "FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "freeswitch", version: { version_data: [ { version_value: "< 1.10.6", }, ], }, }, ], }, vendor_name: "signalwire", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-287: Improper Authentication", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj", refsource: "CONFIRM", url: "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj", }, { name: "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e", refsource: "MISC", url: "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e", }, { name: "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6", refsource: "MISC", url: "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6", }, { name: "20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Oct/41", }, ], }, source: { advisory: "GHSA-g7xg-7c54-rmpj", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-41157", datePublished: "2021-10-26T13:35:10", dateReserved: "2021-09-15T00:00:00", dateUpdated: "2024-08-04T02:59:31.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-41157\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-10-26T14:15:07.807\",\"lastModified\":\"2024-11-21T06:25:37.363\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.\"},{\"lang\":\"es\",\"value\":\"FreeSWITCH es una Pila de Telecomunicaciones Definida por Software que permite la transformación digital de los switches de telecomunicaciones propietarios a una implementación de software que se ejecuta en cualquier hardware básico. Por defecto, las peticiones SIP del tipo SUBSCRIBE no son autenticadas en las versiones afectadas de FreeSWITCH. El abuso de este problema de seguridad permite a atacantes suscribirse a las notificaciones de eventos del agente de usuario sin necesidad de autenticarse. Este abuso plantea problemas de privacidad y podría conllevar a ataques de ingeniería social o similares. Por ejemplo, los atacantes pueden ser capaces de monitorear el estado de las extensiones SIP objetivo. Aunque este problema es corregido en la versión v1.10.6, las instalaciones actualizadas a la versión corregida de FreeSWITCH desde una versión anterior, pueden seguir siendo vulnerables si la configuración no es actualizada en consecuencia. Las actualizaciones de software no actualizan la configuración por defecto. Los mensajes SIP SUBSCRIBE deberían ser autenticados por defecto para que los administradores de FreeSWITCH no necesiten establecer explícitamente el parámetro \\\"auth-subscriptions\\\". Cuando es seguida esta recomendación, es posible introducir un nuevo parámetro para deshabilitar explícitamente la autenticación\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.6\",\"matchCriteriaId\":\"8E0DCFCA-5CA9-43A1-9E2E-C94037099901\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2021/Oct/41\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/signalwire/freeswitch/releases/tag/v1.10.6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Oct/41\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/signalwire/freeswitch/releases/tag/v1.10.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.