CVE-2023-51443

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Dec 27, 2023
Updated: Feb 2, 2024
CWE ID 703 (Improper Check or Handling of Exceptional Conditions)

Summary

CVE-2023-51443 is a Denial of Service vulnerability in FreeSWITCH, a software-defined telecom stack. Prior to version 1.10.11, FreeSWITCH can be subjected to continuous Denial of Service during the DTLS Hello handshake phase of a DTLS-SRTP media session. An attacker exploits a race condition in this phase by sending a ClientHello carrying an invalid CipherSuite to the media port; the failed handshake causes the media session to be torn down, which in turn triggers a SIP-level teardown of the call. Because the packet needs no authentication and can be repeated for every new session, this can produce a large-scale Denial of Service against FreeSWITCH servers handling DTLS-SRTP encrypted calls. Administrators are advised to upgrade to version 1.10.11, which contains the fix. The fix drops all packets from addresses that have not been validated by an ICE connectivity check, so a ClientHello from an unverified source can no longer disrupt the handshake.
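The following is an added example and not FreeSWITCH's own code. It models, in Python, the condition the summary describes: a minimal DTLS 1.2 record and ClientHello parser, a handler that (as the pre-1.10.11 behaviour is described) fails the handshake and tears the session down when the offered cipher suites contain nothing acceptable, and a hardened handler that first drops packets from source addresses that have not passed an ICE check. The packets, peer addresses, the "accepted cipher suite" set and the session-state dictionary are all constructed for the demonstration; the real FreeSWITCH state machine is more involved, and this simplification only illustrates why the address filter stops the attack.

```python
import struct
from dataclasses import dataclass

DTLS_HANDSHAKE = 22          # ContentType handshake
DTLS10, DTLS12 = 0xFEFF, 0xFEFD
CLIENT_HELLO = 1             # HandshakeType client_hello

# Illustrative subset of IANA cipher suites a DTLS-SRTP endpoint might accept
# (assumption for the demo, not FreeSWITCH's configured list).
SUPPORTED_SUITES = {0xC02B, 0xC02C, 0xC02F, 0xC030, 0x002F}


@dataclass
class ClientHello:
    client_version: int
    cipher_suites: list
    session_id: bytes
    cookie: bytes


def build_client_hello(cipher_suites, version=DTLS12, cookie=b""):
    """Constructed single-record, unfragmented DTLS ClientHello for the demo."""
    body = struct.pack("!H", version) + b"\x11" * 32            # client_version + random
    body += b"\x00"                                             # empty session_id
    body += bytes([len(cookie)]) + cookie                       # cookie (empty on first flight)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites             # cipher_suites vector
    body += b"\x01\x00"                                         # compression_methods: null only
    hs = struct.pack("!B", CLIENT_HELLO) + len(body).to_bytes(3, "big")     # msg_type, length
    hs += struct.pack("!H", 0)                                                # message_seq
    hs += (0).to_bytes(3, "big") + len(body).to_bytes(3, "big")               # frag offset/length
    hs += body
    rec = struct.pack("!BHH", DTLS_HANDSHAKE, version, 0)       # type, version, epoch
    rec += (0).to_bytes(6, "big") + struct.pack("!H", len(hs))  # sequence_number, length
    return rec + hs


def parse_client_hello(pkt: bytes) -> ClientHello:
    """Parse one DTLS record holding an unfragmented ClientHello; ValueError otherwise."""
    if len(pkt) < 13 + 12:
        raise ValueError("short record")
    ctype, version, _epoch = struct.unpack("!BHH", pkt[:5])
    rec_len = struct.unpack("!H", pkt[11:13])[0]
    if ctype != DTLS_HANDSHAKE or version not in (DTLS10, DTLS12):
        raise ValueError("not a DTLS handshake record")
    hs = pkt[13:13 + rec_len]
    if len(hs) != rec_len or len(hs) < 12 or hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    frag_off = int.from_bytes(hs[6:9], "big")
    frag_len = int.from_bytes(hs[9:12], "big")
    if frag_off != 0 or frag_len != hs_len:
        raise ValueError("fragmented ClientHello not handled here")
    body = hs[12:12 + hs_len]
    if len(body) != hs_len or len(body) < 39:
        raise ValueError("truncated ClientHello body")
    client_version = struct.unpack("!H", body[0:2])[0]
    pos = 34                                                    # skip client_version + random
    sid_len = body[pos]; pos += 1
    session_id = body[pos:pos + sid_len]; pos += sid_len
    if pos >= len(body):
        raise ValueError("truncated after session_id")
    cookie_len = body[pos]; pos += 1
    cookie = body[pos:pos + cookie_len]; pos += cookie_len
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return ClientHello(client_version, suites, session_id, cookie)


def vulnerable_handle(pkt, src, session):
    """Simplified pre-fix model: any source may drive the handshake, and a ClientHello
    offering no acceptable suite fails it and tears the media session down."""
    try:
        hello = parse_client_hello(pkt)
    except ValueError:
        return "ignored"
    if not SUPPORTED_SUITES.intersection(hello.cipher_suites):
        session["state"] = "torn_down"          # media gone -> SIP-level teardown follows
        return "handshake_failed"
    session["state"] = "handshaking"
    return "handshake_continues"


def hardened_handle(pkt, src, session, validated_peers):
    """Post-fix model: drop everything from addresses that have not passed an ICE check."""
    if src not in validated_peers:
        return "dropped_unvalidated"
    return vulnerable_handle(pkt, src, session)


def demo():
    legit = ("198.51.100.10", 4000)      # constructed: peer that completed ICE
    attacker = ("203.0.113.7", 5555)     # constructed: unvalidated source
    bad_hello = build_client_hello([0x0000])          # TLS_NULL_WITH_NULL_NULL: nothing acceptable
    good_hello = build_client_hello([0xC02B, 0xC02F])
    out = {}
    s = {"state": "waiting_hello"}
    out["vuln_attacker"] = vulnerable_handle(bad_hello, attacker, s)
    out["vuln_state"] = s["state"]
    s = {"state": "waiting_hello"}
    out["fixed_attacker"] = hardened_handle(bad_hello, attacker, s, {legit})
    out["fixed_legit"] = hardened_handle(good_hello, legit, s, {legit})
    out["fixed_state"] = s["state"]
    return out


if __name__ == "__main__":
    print(demo())
```

In the model, the attacker's bogus ClientHello reaches the handshake logic before the fix and leaves the session in `torn_down`; with the address filter in front of the parser the same packet is discarded and the validated peer's handshake proceeds. The filter, not the cipher-suite check, is the fix: an unsupported suite in a ClientHello is ordinary protocol behaviour that a server must be able to reject without losing the call.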
