CVE-2023-51443

Name of the Vulnerable Software and Affected Versions FreeSWITCH versions prior to 1.10.11

Description The issue is related to incorrect handling of exceptional states in the FreeSWITCH software-defined telecom stack, which can lead to a Denial of Service (DoS) when handling DTLS-SRTP for media setup. An attacker can exploit this by sending a ClientHello DTLS message with an invalid CipherSuite, such as TLS NULL WITH NULL NULL, to the FreeSWITCH server, resulting in a DTLS error and tearing down the media session, followed by a teardown at the signaling (SIP) level. This can lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP.

Recommendations To address this vulnerability, upgrade FreeSWITCH to version 1.10.11, which includes the security fix that drops all packets from addresses that have not been validated by an ICE check.