CVE-2023-51443

{"id": "CVE-2023-51443", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-12-27T17:15:08.093", "references": [{"url": "http://packetstormsecurity.com/files/176393/FreeSWITCH-Denial-Of-Service.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security-advisories@github.com"}, {"url": "https://github.com/signalwire/freeswitch/commit/86cbda90b84ba186e508fbc7bfae469270a97d11", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-39gv-hq72-j6m6", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "http://packetstormsecurity.com/files/176393/FreeSWITCH-Denial-Of-Service.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/signalwire/freeswitch/commit/86cbda90b84ba186e508fbc7bfae469270a97d11", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-39gv-hq72-j6m6", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-703"}]}], "descriptions": [{"lang": "en", "value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check."}, {"lang": "es", "value": "FreeSWITCH es un Software Defined Telecom Stack que permite la transformaci\u00f3n digital de conmutadores de telecomunicaciones propietarios a una implementaci\u00f3n de software que se ejecuta en cualquier hardware b\u00e1sico. Antes de la versi\u00f3n 1.10.11, cuando se maneja DTLS-SRTP para la configuraci\u00f3n de medios, FreeSWITCH es susceptible a una denegaci\u00f3n de servicio debido a una condici\u00f3n de ejecuci\u00f3n en la fase de handshake del protocolo DTLS. Este ataque se puede realizar de forma continua, negando as\u00ed nuevas llamadas cifradas DTLS-SRTP durante el ataque. Si un atacante logra enviar un mensaje DTLS ClientHello con un CipherSuite no v\u00e1lido (como `TLS_NULL_WITH_NULL_NULL`) al puerto en el servidor FreeSWITCH que espera paquetes de la persona que llama, se genera un error DTLS. Esto da como resultado la cancelaci\u00f3n de la sesi\u00f3n de medios, a la que sigue tambi\u00e9n la cancelaci\u00f3n a nivel de se\u00f1alizaci\u00f3n (SIP). El abuso de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio masiva en servidores FreeSWITCH vulnerables para llamadas que dependen de DTLS-SRTP. Para abordar esta vulnerabilidad, actualice FreeSWITCH a 1.10.11, que incluye la soluci\u00f3n de seguridad. La soluci\u00f3n implementada es descartar todos los paquetes de direcciones que no hayan sido validadas por una verificaci\u00f3n ICE."}], "lastModified": "2024-11-21T08:38:07.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D602178F-BD2F-4B3D-97D9-7555182A7015", "versionEndExcluding": "1.10.11"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}