vulnerability
Ubuntu: USN-7416-1 (CVE-2020-28361): Kamailio vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Nov 18, 2020 | Apr 7, 2025 | Aug 18, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
Nov 18, 2020
Added
Apr 7, 2025
Modified
Aug 18, 2025
Description
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.
Solution
ubuntu-pro-upgrade-kamailio
References
- CVE-2020-28361
- https://attackerkb.com/topics/CVE-2020-28361
- CWE-444
- UBUNTU-USN-7416-1
- URL-https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html
- URL-https://support.sippysoft.com/support/discussions/topics/3000179616
- URL-https://ubuntu.com/security/notices/USN-7416-1
- URL-https://www.cve.org/CVERecord?id=CVE-2020-28361
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.