Freeswitch@* Security Vulnerabilities and Issues — Freeswitch@* CVE List

Lucene search

SignalwireFreeswitch*

9 matches found

CVE•added 2021/10/26 2:15 p.m.•139 views

CVE-2021-41158

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challen...

7.5CVSS6.5AI score0.00362EPSS

CVE•added 2021/10/25 4:15 p.m.•103 views

CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing...

7.5CVSS7.4AI score0.01298EPSS

CVE•added 2021/10/26 2:15 p.m.•98 views

CVE-2021-41157

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse o...

5.3CVSS5AI score0.00262EPSS

CVE•added 2021/10/25 10:15 p.m.•93 views

CVE-2021-41105

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated b...

7.5CVSS7.4AI score0.0442EPSS

CVE•added 2021/10/25 10:15 p.m.•90 views

CVE-2021-41145

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH wi...

8.6CVSS7.6AI score0.00954EPSS

CVE•added 2023/12/27 5:15 p.m.•38 views

CVE-2023-51443

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service du...

7.5CVSS6.5AI score0.00348EPSS

CVE•added 2023/09/15 8:15 p.m.•32 views

CVE-2023-40018

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate...

7.5CVSS7.6AI score0.00551EPSS

CVE•added 2021/10/18 5:15 p.m.•30 views

CVE-2021-36513

An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.

7.5CVSS7.2AI score0.00477EPSS

CVE•added 2023/09/15 8:15 p.m.•26 views

CVE-2023-40019

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVIT...

7.5CVSS6.5AI score0.00227EPSS