Vulnerability in Linphone SIP Stack Could Allow Attackers to Remotely Crash Client Devices

On September 1, 2021, cybersecurity researchers revealed a zero-click vulnerability in the Linphone Session Initiation Protocol (SIP) stack. This flaw can be exploited remotely to crash the SIP client without any action needed from the victim, leading to a denial-of-service (DoS) condition. Identified as CVE-2021-33056 (with a CVSS score of 7.5), it arises from a NULL pointer dereference in the “belle-sip” component, a C-language library that supports SIP transport, transactions, and dialog layers. All versions prior to 4.5.20 are affected. The vulnerability was discovered and reported by the cybersecurity company Claroty. Linphone is an open-source, cross-platform SIP client that facilitates voice and video calls, end-to-end encrypted messaging, and audio conferences. SIP is the signaling protocol used to initiate, maintain, and terminate real-time multimedia communication sessions.

Linphone SIP Stack Vulnerability Exposes Clients to Remote Disruption

On September 1, 2021, cybersecurity experts unveiled a critical zero-click vulnerability within the Linphone Session Initiation Protocol (SIP) stack, allowing potential exploitation that could lead to remote crashes of affected client devices. Identified as CVE-2021-33056, this vulnerability boasts a CVSS score of 7.5, making it a significant concern for businesses leveraging this communication technology.

The root of the issue lies in a NULL pointer dereference within the “belle-sip” component, which functions as a C-language library for managing SIP transport, transaction, and dialog layers. Notably, all versions of the library prior to 4.5.20 are susceptible to this flaw, which creates conditions that can induce a denial-of-service (DoS).

This vulnerability was discovered and reported by Claroty, an industrial cybersecurity company with a focus on protecting critical infrastructure. Linphone, the open-source and cross-platform SIP client impacted by this security breach, supports a range of functionalities, including voice and video calls, encrypted messaging, and audio conferencing. The client has seen widespread usage across various sectors, raising concerns over the implications of such a vulnerability.

The primary targets of this vulnerability are organizations utilizing Linphone for their communication needs, potentially affecting businesses operating in diverse regions, including the United States. Given the ubiquitous nature of remote communication tools in a post-pandemic landscape, the risks associated with this vulnerability are particularly pressing for business owners.

From an operational security perspective, this incident aligns with multiple tactics and techniques in the MITRE ATT&CK framework, particularly in the areas of initial access and denial of service. Attackers could exploit the vulnerability to gain immediate access to the client’s functionality without any user interaction, demonstrating the severe implications of such a security flaw. Furthermore, the potential for creating conditions that lead to service disruptions emphasizes the need for robust security measures and timely updates.

In response to this vulnerability, it is advisable for companies utilizing Linphone or any affected versions of the belle-sip library to upgrade to version 4.5.20 or later. Proactive steps should also include enhancing employee awareness about potential cyber threats and implementing comprehensive monitoring systems.

As cyber threats continue to evolve, maintaining vigilance and ensuring that communication tools are secure will be paramount for businesses looking to protect their operations and data integrity. The Linphone vulnerability serves as a stark reminder of the vulnerabilities that can exist even in widely-used open-source software and the importance of swift remediation in a rapidly changing cyber landscape.

Source link

Related Posts

WhatsApp Image Filter Vulnerability May Have Exposed User Data to Remote Attacks

A recently patched high-severity security flaw in WhatsApp’s image filter feature posed a serious risk of allowing malicious images to extract sensitive information from the app’s memory. Identified as CVE-2020-1910 (CVSS score: 7.8), this vulnerability involved out-of-bounds read/write errors that could be exploited by applying specific filters to a crafted image before sending it to an unsuspecting recipient, enabling attackers to access critical data. According to WhatsApp’s advisory from February 2021, “A missing bounds check in WhatsApp for Android prior to version 2.21.1.13 and WhatsApp Business prior to the same version could have led to this vulnerability.” The issue was reported to the Facebook-owned platform by cybersecurity firm Check Point Research on November 10, 2020.

Microsoft Alerts Users to Cross-Account Takeover Vulnerability in Azure Container Instances

On September 10, 2021, Microsoft announced that it had fixed a security flaw in its Azure Container Instances (ACI) service that could be exploited by malicious actors to gain unauthorized access to information from other customers. Researchers referred to this vulnerability as the “first cross-account container takeover in the public cloud.” An attacker could use this weakness to execute harmful commands on other users’ containers, potentially stealing customer secrets and deployed images. Microsoft did not provide further details about the flaw but advised affected customers to “revoke any privileged credentials that were deployed to the platform before August 31, 2021.” Azure Container Instances enables users to run Docker containers directly in a serverless cloud environment without the need for virtual machines, clusters, or orchestration tools. Palo Alto Networks’ Unit 42 threat intelligence team identified the vulnerability…

Microsoft Issues Update for Actively Exploited Windows Zero-Day Vulnerability

On September 15, 2021, Microsoft released crucial software updates as part of its monthly Patch Tuesday cycle to address 66 security vulnerabilities across Windows and other platforms, including Azure, Office, BitLocker, and Visual Studio. Among these was an actively exploited zero-day flaw in the MSHTML Platform that surfaced last week. Of the 66 vulnerabilities, three are categorized as Critical, 62 as Important, and one as Moderate. Additionally, the company has resolved 20 vulnerabilities in the Chromium-based Microsoft Edge browser earlier this month. Notably, the most critical update targets CVE-2021-40444 (CVSS score: 8.8), a remote code execution vulnerability in MSHTML that can be exploited through malicious Microsoft Office documents, with experts noting that the exploit takes advantage of logical flaws for effective exploitation.

VMware Issues Urgent Warning About Critical File Upload Vulnerability in vCenter Server

On September 22, 2021, VMware released a bulletin detailing up to 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that could be exploited by remote attackers to gain control of affected systems. The most pressing concern is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005), which affects vCenter Server versions 6.7 and 7.0. According to VMware, “A malicious actor with network access to port 443 on vCenter Server could exploit this issue to execute code by uploading a specially crafted file.” The company emphasized that this vulnerability is accessible to anyone who can reach vCenter Server over the network, irrespective of its configuration settings. While VMware has provided temporary workarounds for this issue, they caution that these measures are intended only as a stopgap until proper updates can be deployed.