How severe is CVE-2023-51443?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-51443?

This is classified as CWE-703, which is a common weakness in software security.

CVE-2023-51443

MEDIUM Year: 2023

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-703

View all →

Vulnerability Description

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.

CVE-2023-35867

MEDIUM

CVSS:5.9(Medium)

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this ...

CWE-7032023

CVE-2023-49786

MEDIUM

CVSS:5.9(Medium)

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susc...

CWE-7032023

CVE-2024-31883

MEDIUM

CVSS:5.9(Medium)

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-F...

CWE-7032024

CVE-2024-9104

MEDIUM

CVSS:5.6(Medium)

The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated va...

CWE-7032024

CVE-2023-21026

MEDIUM

CVSS:5.5(Medium)

In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of...

CWE-7032023

CVE-2023-21036

MEDIUM

CVSS:5.5(Medium)

In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A

CWE-7032023

CVE-2023-51443

Vulnerability Description

Related Vulnerabilities

CVE-2023-35867

CVE-2023-49786

CVE-2024-31883

CVE-2024-9104

CVE-2023-21026

CVE-2023-21036