CVE-2020-15260

{"id": "CVE-2020-15260", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.2}]}, "published": "2021-03-10T23:15:12.300", "references": [{"url": "https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pjsip/pjproject/pull/2663", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://security.gentoo.org/glsa/202107-42", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-297"}]}], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. Suppose we have created a TLS connection to `sip.foo.com`, which has an IP address `100.1.1.1`. If we want to create a TLS connection to another hostname, say `sip.bar.com`, which has the same IP address, then it will reuse that existing connection, even though `100.1.1.1` does not have certificate to authenticate as `sip.bar.com`. The vulnerability allows for an insecure interaction without user awareness. It affects users who need access to connections to different destinations that translate to the same address, and allows man-in-the-middle attack if attacker can route a connection to another destination such as in the case of DNS spoofing."}, {"lang": "es", "value": "PJSIP es una biblioteca de comunicaci\u00f3n multimedia de c\u00f3digo abierto y gratuita escrita en lenguaje C que implementa protocolos basados ??en est\u00e1ndares como SIP, SDP, RTP, STUN, TURN e ICE. En la versi\u00f3n 2.10 y anteriores, el transporte de PJSIP puede ser reutilizado si presentan la misma direcci\u00f3n IP + puerto + protocolo. Sin embargo, esto es insuficiente para un transporte seguro, ya que carece de autenticaci\u00f3n de nombre de host remoto. Supongamos que hemos creado una conexi\u00f3n TLS a \"sip.foo.com\", que presenta una direcci\u00f3n IP \"100.1.1.1\". Si queremos crear una conexi\u00f3n TLS para otro nombre de host, digamos \"sip.bar.com\", que presenta la misma direcci\u00f3n IP, entonces reutilizar\u00e1 esa conexi\u00f3n existente, aunque \"100.1.1.1\" no tenga certificado para autenticarse como \"sip.bar.com\". La vulnerabilidad permite una interacci\u00f3n no segura sin que el usuario se d\u00e9 cuenta. Afecta a usuarios que necesitan acceso a conexiones a diferentes destinos que se traducen en la misma direcci\u00f3n y permite un ataque de tipo man-in-the-middle si el atacante puede enrutar una conexi\u00f3n a otro destino, como en el caso de la suplantaci\u00f3n de DNS"}], "lastModified": "2022-07-22T12:49:27.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107D71AA-CD87-4682-B600-D583CB865E6F", "versionEndIncluding": "2.10"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}