Freeswitch Security Vulnerabilities and Issues — Freeswitch CVE List

Lucene search

FreeswitchFreeswitch

8 matches found

CVE•added 2021/10/26 2:15 p.m.•139 views

CVE-2021-41158

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challen...

7.5CVSS6.5AI score0.00362EPSS

CVE•added 2021/10/25 4:15 p.m.•103 views

CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing...

7.5CVSS7.4AI score0.01298EPSS

CVE•added 2021/10/25 10:15 p.m.•93 views

CVE-2021-41105

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated b...

7.5CVSS7.4AI score0.0442EPSS

CVE•added 2015/10/05 2:59 p.m.•40 views

CVE-2015-7392

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.

7.5CVSS8.2AI score0.03054EPSS

CVE•added 2023/12/27 5:15 p.m.•38 views

CVE-2023-51443

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service du...

7.5CVSS6.5AI score0.00484EPSS

CVE•added 2018/12/06 6:29 p.m.•36 views

CVE-2018-19911

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alte...

7.6CVSS8.1AI score0.1338EPSS

CVE•added 2023/09/15 8:15 p.m.•32 views

CVE-2023-40018

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate...

7.5CVSS7.6AI score0.00551EPSS

CVE•added 2023/09/15 8:15 p.m.•26 views

CVE-2023-40019

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVIT...

7.5CVSS6.5AI score0.00227EPSS