CVE-2021-41145

8.6 HIGH

📋 TL;DR

CVE-2021-41145 is a denial-of-service vulnerability in FreeSWITCH where flooding the system with SIP messages causes memory exhaustion and crashes. This affects all FreeSWITCH instances prior to version 1.10.7, allowing unauthenticated attackers to disrupt telecom services.

💻 Affected Systems

Products:
  • FreeSWITCH
Versions: All versions prior to 1.10.7
Operating Systems: All operating systems running FreeSWITCH
Default Config Vulnerable: ⚠️ Yes
Notes: All FreeSWITCH configurations with SIP enabled are vulnerable. The attack works over UDP, TCP, and TLS transport protocols.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service outage of FreeSWITCH telecom services, disrupting voice, video, and messaging communications for all users.

🟠 Likely Case: Service disruption and downtime requiring manual restart of FreeSWITCH processes, impacting call routing and telecom operations.

🟢 If Mitigated: Limited impact with proper network segmentation and rate limiting, potentially causing temporary performance degradation but preventing complete outage.

🌐 Internet-Facing: HIGH - Attack can be launched remotely over UDP/TCP/TLS without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems can still exploit this, but they need network access to FreeSWITCH services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple SIP flooding tools can exploit this vulnerability. No authentication is required, and the attack works over multiple transport protocols.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.10.7

Vendor Advisory: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download FreeSWITCH 1.10.7 or later from the official repository.
3. Stop the FreeSWITCH service.
4. Install the new version.
5. Restart the FreeSWITCH service.
6. Verify functionality.

🔧 Temporary Workarounds

Network Rate Limiting

linux

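Implement rate limiting on SIP traffic using network devices or firewalls. The example rules cover UDP port 5060 only; SIP over TCP or TLS needs equivalent rules, since the attack works over all three transports. They also match only packets in connection-tracking state NEW, so they limit new flows per source address rather than every SIP message.

# Example iptables rules for SIP rate limiting
# Record the source address of each new flow to UDP port 5060
iptables -A INPUT -p udp --dport 5060 -m state --state NEW -m recent --set
# Drop new flows from a source that has reached 20 hits within 60 seconds
iptables -A INPUT -p udp --dport 5060 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP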

Network Segmentation

linux

Restrict SIP traffic to trusted sources only using firewall rules

# Allow SIP (UDP port 5060) only from specific IP ranges; 192.168.1.0/24 is an example range
iptables -A INPUT -p udp --dport 5060 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit SIP traffic to trusted sources only
  • Deploy intrusion prevention systems (IPS) with SIP flood detection capabilities

🔍 How to Verify

Check if Vulnerable:

Check the FreeSWITCH version with freeswitch -version. If the version is earlier than 1.10.7, the system is vulnerable.

Check Version:

freeswitch -version

Verify Fix Applied:

After patching, verify version is 1.10.7 or later and monitor system memory usage during normal SIP traffic.
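
The version check above can be scripted for use across several hosts. The following is an added example, not code from this page or from the FreeSWITCH project. It assumes the first dotted number printed by freeswitch -version is the release version, and the sample banners in it are constructed.

```shell
#!/bin/sh
# Added example: classify a host from the output of `freeswitch -version`.
FIXED="1.10.7"   # patch version stated on this page

# Pull the first dotted numeric version (e.g. 1.10.6) out of free-form text.
# Assumption: the version is the first number in the command's output.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Succeed (return 0) when version $1 is strictly older than version $2.
# Fields are compared as numbers, so 1.10.10 ranks above 1.10.7; a plain
# string comparison would get that case wrong.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # versions are equal
}

# Print "vulnerable", "patched" or "unknown" for a version banner.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED"; then echo vulnerable
    else echo patched
    fi
}

# Constructed sample banners (not captured from a real host).
for s in "FreeSWITCH version: 1.10.6-release~64bit" \
         "FreeSWITCH version: 1.10.10-release~64bit" \
         "command not found"; do
    printf '%-45s -> %s\n' "$s" "$(classify "$s")"
done

# On a host with FreeSWITCH installed, classify the real banner.
if command -v freeswitch >/dev/null 2>&1; then
    classify "$(freeswitch -version 2>&1)"
fi
```

An "unknown" result means no version number was found in the output and the host needs a manual check.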

📡 Detection & Monitoring

Log Indicators:

  • Rapid increase in SIP message processing
  • Memory exhaustion warnings in system logs
  • FreeSWITCH process crashes or restarts

Network Indicators:

  • Unusually high volume of SIP traffic from single or multiple sources
  • SIP flood patterns in network traffic

SIEM Query:

source="freeswitch.log" (("memory" AND "exhaust") OR ("SIP" AND "flood") OR ("crash" AND "process"))
