Freeswitch

Freeswitch

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-40019

Exploit
  • EPSS 0.76%
  • Veröffentlicht 15.09.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:18:31

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cau...

7.5

CVE-2023-40018

  • EPSS 0.75%
  • Veröffentlicht 15.09.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:18:31

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger...

7.5

CVE-2021-41158

Exploit
  • EPSS 0.8%
  • Veröffentlicht 26.10.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:25:37

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak ...

5

CVE-2021-41157

Exploit
  • EPSS 1.69%
  • Veröffentlicht 26.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:37

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticate...

7.5

CVE-2021-41145

Exploit
  • EPSS 1.6%
  • Veröffentlicht 25.10.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:35

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Serv...

5

CVE-2021-41105

Exploit
  • EPSS 2.44%
  • Veröffentlicht 25.10.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:28

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is sus...

7.5

CVE-2021-37624

Exploit
  • EPSS 3.49%
  • Veröffentlicht 25.10.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:15:32

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSA...

9.8

CVE-2019-19492

Exploit
  • EPSS 28.95%
  • Veröffentlicht 02.12.2019 02:15:13
  • Zuletzt bearbeitet 21.11.2024 04:34:49

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

7.6

CVE-2018-19911

Exploit
  • EPSS 2.7%
  • Veröffentlicht 06.12.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:47

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?ca...

7.5

CVE-2015-7392

Exploit
  • EPSS 4.67%
  • Veröffentlicht 05.10.2015 14:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.