Several Critical Flaws Discovered in Telecoms Stack Software FreeSwitch

The vulnerabilities lead to denial of service and information leakage for systems running FreeSwitch.

Enable Security researchers have released details regarding a set of five vulnerabilities in telecoms stack software FreeSwitch.

According to researchers from German telecoms security consultancy Enable Security, the quintet of flaws leads to denial of service, authentication problems, and information leakage for systems running FreeSwitch. FreeSwitch is an open-source communication platform that enables the digital transformation from proprietary telecom switches to a versatile software implementation that runs on any commodity hardware.

All five vulnerabilities were patched in FreeSwitch 1.10.7, released on October 25. According to security experts, the denial of service needs no authentication to trigger. Companies running the affected software should patch their systems or risk being compromised.

The critical flaw (CVE-2021-41145, CVSS score 8.6) leaves FreeSwitch open to denial of service via SIP flooding. If an attacker targets a switch with sufficient malicious SIP messages, they can exhaust the memory of the device.

Separately, a moderate-severity flaw (CVE-2021-41158) allows cybercriminals to carry out a SIP digest leak attack against FreeSwitch and receive the challenge-response of a gateway configured on the FreeSwitch server. This leaked data might be used to determine a gateway password.

Finally, a failure of previous versions of FreeSwitch to authenticate SIP ‘SUBSCRIBE’ requests, which are used to subscribe to user agent event notifications, created a moderate privacy risk.
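For defenders verifying that a server no longer accepts such requests, here is an added example (not code from Enable Security or the FreeSwitch project) that scans a captured SIP exchange for SUBSCRIBE requests answered with a 2xx response even though they carried no Authorization or Proxy-Authorization header. The capture, addresses and function names are constructed for illustration, and it assumes the deployment expects every SUBSCRIBE to be authenticated.

```python
def parse_sip(raw):
    """Return (start_line, headers) with header names lower-cased."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "i" in headers:                      # compact form of Call-ID
        headers.setdefault("call-id", headers["i"])
    return lines[0], headers


def accepted_without_credentials(events):
    """Find SUBSCRIBE requests that got a 2xx without carrying credentials.

    events: iterable of (source_ip, raw_message) in capture order.
    Returns a list of (source_ip, call_id) pairs.
    """
    pending, findings = {}, []
    for src, raw in events:
        start, h = parse_sip(raw)
        key = (h.get("call-id"), h.get("cseq"))
        if start.startswith("SUBSCRIBE "):
            if not ({"authorization", "proxy-authorization"} & h.keys()):
                pending[key] = src
        elif start.startswith("SIP/2.0 ") and key in pending:
            status = start.split()[1]
            if status.startswith("1"):      # provisional, keep waiting
                continue
            requester = pending.pop(key)    # final response closes the transaction
            if status.startswith("2"):
                findings.append((requester, key[0]))
    return findings


def sip(start, call_id, cseq, *extra):
    """Build one constructed SIP message for the sample capture."""
    return "\r\n".join([start, f"Call-ID: {call_id}", f"CSeq: {cseq}", *extra]) + "\r\n\r\n"


PBX, REQ = "192.0.2.10", "SUBSCRIBE sip:1000@pbx.example SIP/2.0"
SAMPLE = [  # constructed capture, documentation addresses only
    ("198.51.100.7", sip(REQ, "a1", "1 SUBSCRIBE", "Event: presence")),
    (PBX, sip("SIP/2.0 202 Accepted", "a1", "1 SUBSCRIBE")),
    ("198.51.100.8", sip(REQ, "b2", "1 SUBSCRIBE", "Event: presence")),
    (PBX, sip("SIP/2.0 401 Unauthorized", "b2", "1 SUBSCRIBE")),
    ("198.51.100.8", sip(REQ, "b2", "2 SUBSCRIBE", 'Authorization: Digest username="1001"')),
    (PBX, sip("SIP/2.0 202 Accepted", "b2", "2 SUBSCRIBE")),
]
```

Only the first exchange is reported: the second subscriber was challenged with a 401 and accepted only after resending with credentials.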

"Each vulnerability has a different impact. The worst one is the DoS due to the SIP flood since in RTC downtime is a huge deal. [It's] hard for me to say how many are affected. There will be more with a custom User-Agent header. And various systems will be internal / not responding to Shodan / hiding behind an SIP router / SBC etc.," stated Sandro Gauci, the researcher who led the team at Enable Security which carried out the research.

"We've been advocating for more security research/testing in the area because many security professionals seem to ignore the topic. FreeSwitch developers were very receptive and we were happy to work with them on these issues," Gauci concluded, with a hope that Enable's work might inspire other researchers to look into the security.