CVE-2021-41157 - Vulnerability Details

Vendors	Products
Freeswitch	Freeswitch

Link	Providers
http://seclists.org/fulldisclosure/2021/Oct/41
https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e
https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj

{"containers": {"cna": {"affected": [{"product": "freeswitch", "vendor": "signalwire", "versions": [{"status": "affected", "version": "< 1.10.6"}]}], "descriptions": [{"lang": "en", "value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-26T16:06:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6"}, {"name": "20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Oct/41"}], "source": {"advisory": "GHSA-g7xg-7c54-rmpj", "discovery": "UNKNOWN"}, "title": "FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2021-41157", "STATE": "PUBLIC", "TITLE": "FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "freeswitch", "version": {"version_data": [{"version_value": "< 1.10.6"}]}}]}, "vendor_name": "signalwire"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj", "refsource": "CONFIRM", "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj"}, {"name": "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e", "refsource": "MISC", "url": "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e"}, {"name": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6", "refsource": "MISC", "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6"}, {"name": "20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Oct/41"}]}, "source": {"advisory": "GHSA-g7xg-7c54-rmpj", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:59:31.697Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6"}, {"name": "20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Oct/41"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41157", "datePublished": "2021-10-26T13:35:10", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T02:59:31.697Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E0DCFCA-5CA9-43A1-9E2E-C94037099901", "versionEndExcluding": "1.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication."}, {"lang": "es", "value": "FreeSWITCH es una Pila de Telecomunicaciones Definida por Software que permite la transformaci\u00f3n digital de los switches de telecomunicaciones propietarios a una implementaci\u00f3n de software que se ejecuta en cualquier hardware b\u00e1sico. Por defecto, las peticiones SIP del tipo SUBSCRIBE no son autenticadas en las versiones afectadas de FreeSWITCH. El abuso de este problema de seguridad permite a atacantes suscribirse a las notificaciones de eventos del agente de usuario sin necesidad de autenticarse. Este abuso plantea problemas de privacidad y podr\u00eda conllevar a ataques de ingenier\u00eda social o similares. Por ejemplo, los atacantes pueden ser capaces de monitorear el estado de las extensiones SIP objetivo. Aunque este problema es corregido en la versi\u00f3n v1.10.6, las instalaciones actualizadas a la versi\u00f3n corregida de FreeSWITCH desde una versi\u00f3n anterior, pueden seguir siendo vulnerables si la configuraci\u00f3n no es actualizada en consecuencia. Las actualizaciones de software no actualizan la configuraci\u00f3n por defecto. Los mensajes SIP SUBSCRIBE deber\u00edan ser autenticados por defecto para que los administradores de FreeSWITCH no necesiten establecer expl\u00edcitamente el par\u00e1metro \"auth-subscriptions\". Cuando es seguida esta recomendaci\u00f3n, es posible introducir un nuevo par\u00e1metro para deshabilitar expl\u00edcitamente la autenticaci\u00f3n"}], "id": "CVE-2021-41157", "lastModified": "2024-11-21T06:25:37.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2021-10-26T14:15:07.807", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Oct/41"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e"}, {"source": "[email protected]", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Oct/41"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "[email protected]", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object