CVSS 3.1 Score 7.5 of 10 (high)


Published Sep 15, 2023
Updated: Sep 21, 2023
CWE ID 787


CVE-2023-40018 is a vulnerability that affects FreeSWITCH, a Software Defined Telecom Stack used for digital transformation in the telecommunications industry. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. An attacker can exploit this to corrupt FreeSWITCH memory, leading to undefined behavior or system crashes. The issue has been patched in FreeSWITCH version 1.10.10. The vulnerability has a base severity rating of HIGH and poses a potential danger to organizations using affected versions of FreeSWITCH, as it could result in service disruption or unauthorized access to sensitive information.
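For deployments that cannot move to 1.10.10 immediately, SDP offers can be screened for the condition described above. The following is an added example, not code from this page or from the FreeSWITCH project; it assumes that "known" component IDs are 1 (RTP) and 2 (RTCP) as assigned by RFC 8445 for RTP media, and the function name and sample SDP are constructed for illustration.

```python
import re

# Assumption (not from the advisory page): for RTP media, RFC 8445 assigns
# component ID 1 to RTP and 2 to RTCP; any other value is treated as unknown.
KNOWN_COMPONENT_IDS = {1, 2}

# a=candidate:<foundation> <component-id> <transport> <priority> <addr> <port> typ <type>
CANDIDATE_RE = re.compile(
    r"^a=candidate:(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+typ\s+(\S+)"
)

# Constructed sample offer (documentation address ranges, made-up credentials).
SAMPLE_SDP = """\
v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
t=0 0
m=audio 40000 RTP/AVP 0
a=ice-ufrag:abcd
a=ice-pwd:constructedpasswordvalue00
a=candidate:1 1 UDP 2130706431 192.0.2.10 40000 typ host
a=candidate:1 2 UDP 2130706430 192.0.2.10 40001 typ host
a=candidate:2 3 UDP 1694498815 198.51.100.7 40002 typ srflx raddr 192.0.2.10 rport 40000
a=candidate:3 x UDP 100 192.0.2.10 40003 typ host
"""


def find_suspect_candidates(sdp: str):
    """Return (line_number, reason, line) for each ICE candidate worth flagging."""
    findings = []
    for lineno, raw in enumerate(sdp.splitlines(), start=1):
        line = raw.strip()
        if not line.startswith("a=candidate:"):
            continue
        match = CANDIDATE_RE.match(line)
        if match is None:
            findings.append((lineno, "malformed candidate line", line))
            continue
        component = match.group(2)
        if not re.fullmatch(r"[0-9]{1,5}", component):
            findings.append((lineno, "non-numeric component ID", line))
        elif int(component) not in KNOWN_COMPONENT_IDS:
            findings.append((lineno, f"unknown component ID {int(component)}", line))
    return findings


if __name__ == "__main__":
    for lineno, reason, line in find_suspect_candidates(SAMPLE_SDP):
        print(f"line {lineno}: {reason}: {line}")
```

Flagged offers can be logged or rejected at a SIP proxy or session border controller in front of FreeSWITCH; upgrading to 1.10.10 remains the fix.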
