Unrated severityNVD Advisory· Published Nov 18, 2020· Updated Aug 4, 2024
CVE-2020-28361
CVE-2020-28361
Description
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Kamailio/Kamailiodescription
- Range: >=4.5, <=5.2
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.htmlmitrex_refsource_MISC
- support.sippysoft.com/support/discussions/topics/3000179616mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.