A vulnerability in the configuration file event_socket.conf.xml, which is part of the software-defined telecom stack FreeSWITCH and the application for unified video control called Victor, allows an attacker to gain full control over the system.
A vulnerability in the event_socket.conf.xml configuration file of the software-defined telecom stack FreeSWITCH and its application for unified video control involves the use of default credentials. Exploiting this vulnerability could allow a malicious actor to gain full control over...
Exploit for Missing Authentication for Critical Function in Freeswitch
PewSWITCH: a FreeSWITCH-specific scanning and exploitation tool...
Authentication Bypass
FreeSWITCH is vulnerable to authentication bypass. The vulnerability exists because SIP MESSAGE requests are not properly authenticated, which allows an attacker to send SIP MESSAGE messages to any SIP user agent that is registered with the server...
Privilege Escalation
FreeSWITCH is vulnerable to privilege escalation. The vulnerability exists because SIP requests of the type SUBSCRIBE are not authenticated by default...
Information Disclosure
FreeSWITCH is vulnerable to information disclosure. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the...
Denial Of Service (DoS)
FreeSWITCH is vulnerable to denial of service. An attacker is able to flood the system with SIP messages, causing it to crash...
Denial Of Service (DoS)
FreeSWITCH is vulnerable to denial of service. An attacker may continuously deny encrypted calls, causing the system to crash...
FreeSWITCH < 1.10.6 Information Disclosure Vulnerability
FreeSWITCH is prone to an information disclosure vulnerability.
FreeSWITCH < 1.10.7 Multiple Vulnerabilities
FreeSWITCH is prone to multiple vulnerabilities.
CVE-2021-41158
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...
CVE-2021-41157
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
ALPINE-CVE-2021-41157
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
Design/Logic Flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
Design/Logic Flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...
CVE-2021-41158
CVE-2021-41158 affects FreeSWITCH prior to 1.10.7. An attacker can trigger a SIP digest leak by provoking challenges with the realm of a configured gateway, causing FreeSWITCH to reveal the gateway’s challenge response (password-derived) without special network privileges. Root cause: flawed chal...
CVE-2021-41158 FreeSWITCH vulnerable to SIP digest leak for configured gateways
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...
CVE-2021-41157
CVE-2021-41157 affects FreeSWITCH where SIP SUBSCRIBE requests are not authenticated by default in affected releases. The issue allows unauthenticated subscriptions to user agent event notifications, posing privacy risks (e.g., monitoring SIP extensions). The advisory notes a fix in v1.10.6, but ...