cvedb.io
CVE-2021-41158
MEDIUM · CVSS 5.8
EPSS exploitation probability: 0%
Published 2021-10-26T14:15:08.007 · Last modified 2026-06-17T04:07:59.573

Summary

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privilege

Affected products

freeswitch — freeswitch

Does this affect you?

Add your gear to cvedb and we'll alert you only when freeswitch ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.