CVE-2020-28361

Published: Nov 18, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html

x_refsource_MISC

https://support.sippysoft.com/support/discussions/topics/3000179616

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-28361

Description

Affected Products

References