CVE-2020-28361 - Vulnerability Details - OpenCVE

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kamailio	Kamailio

Configuration 1 [-]

cpe:2.3:a:kamailio:kamailio:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html
https://support.sippysoft.com/support/discussions/topics/3000179616

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-18T13:34:23

Updated: 2024-08-04T16:33:59.139Z

Reserved: 2020-11-09T00:00:00

Link: CVE-2020-28361

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-18T14:15:12.017

Modified: 2024-11-21T05:22:39.617

Link: CVE-2020-28361

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-19T14:59:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html"}, {"tags": ["x_refsource_MISC"], "url": "https://support.sippysoft.com/support/discussions/topics/3000179616"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28361", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html"}, {"name": "https://support.sippysoft.com/support/discussions/topics/3000179616", "refsource": "MISC", "url": "https://support.sippysoft.com/support/discussions/topics/3000179616"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:33:59.139Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.sippysoft.com/support/discussions/topics/3000179616"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28361", "datePublished": "2020-11-18T13:34:23", "dateReserved": "2020-11-09T00:00:00", "dateUpdated": "2024-08-04T16:33:59.139Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kamailio:kamailio:*:*:*:*:*:*:*:*", "matchCriteriaId": "95B2FC08-D7E3-4464-9D9C-DD5187C9119A", "versionEndExcluding": "5.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue."}, {"lang": "es", "value": "Kamailio versiones anteriores a 5.4.0, como es usado en Sip Express Router (SER) en Sippy Softswitch versiones 4.5 hasta 5.2 y otros productos, permite omitir un mecanismo de protecci\u00f3n de eliminaci\u00f3n de encabezado por medio de caracteres de espacio en blanco. Esto ocurre en la funci\u00f3n remove_hf en el m\u00f3dulo textops de Kamailio. El uso particular de remove_hf en el softswitch Sippy puede permitir a un atacante h\u00e1bil con una credencial v\u00e1lida en el sistema interrumpir los mecanismos internos de contabilidad de inicio/duraci\u00f3n de llamadas, lo que puede dar lugar a una p\u00e9rdida de ingresos"}], "id": "CVE-2020-28361", "lastModified": "2024-11-21T05:22:39.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-18T14:15:12.017", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://support.sippysoft.com/support/discussions/topics/3000179616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://support.sippysoft.com/support/discussions/topics/3000179616"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}