VDB
CVE-2021-41145
CVE-2021-41145
PUBLISHED
CVSS 8.600000381469727 HIGH
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7.
EPSS 0.95% · 76.7th percentile
Risk Scores
CVSS v3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.95%
76.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| signalwire | freeswitch | * |
| freeswitch | freeswitch | 0 |
Timeline
- Oct 25, 2021 CVE Published
- Oct 26, 2021 PoC Published
- Oct 26, 2021 EPSS Score
- Dec 21, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 15, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 12, 2022 EPSS Score
- Jun 7, 2022 EPSS Score
- Aug 3, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Jan 18, 2023 EPSS Score